442 matches found
CVE-2007-6569
Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246...
PBLang 4.67.16.a - Remote Code Execution
!/usr/bin/php -q -d shortopentag=on ?php errorreporting0; iniset"maxexecutiontime",0; iniset"defaultsockettimeout",5; if $argc4 print "-------------------------------------------------------------------------\r\n"; print " PBLang = 4.67.16.a Remote Code Execution Exploit\r\n"; print...
phpnukesplat-lfi.txt
!/usr/bin/perl Modulo Splatt Forum v4.0 RC1bbcoderef.php nameLocal File Include Exploit D.Script: http://sourceforge.net/projects/splattforum/ V.Code $modulename = $name; -------- Line : 17 include"modules/".$modulename."/functions.php"; -------- Line : 19 Dork: "Splatt Forum" Discovered & Coded ...
galeria-lfi.txt
!/usr/bin/perl Script Name: Galeria Zdjec = v3.0 zdnumer.php Local File Include Exploit Coded by : ajann Author : ajann Contact : : $$ : Free use IO::Socket; use LWP::Simple; @apache= "../../../../../var/log/httpd/accesslog", "../../../../../var/log/httpd/errorlog", "../apache/logs/error.log",...
Apple Mac OS X Apple Type Services server fails to securely create error log files
Overview The Apple Mac OS X Apple Type Services server insecurely creates error log files, which may allow a local attacker to overwrite or create files with system privileges. Description Apple Mac OS X Apple Type Services server fails to securely create error log files. A local attacker may be...
PHPManta 1.0.2 - 'view-sourcecode.php' Local File Inclusion
!/usr/bin/perl Script Name: phpManta - Mdoc = 1.0.2 view-sourcecode.php Local File Include Exploit Coded by : ajann Author : ajann Contact : : use IO::Socket; use LWP::Simple; @apache= "../../../../../var/log/httpd/accesslog", "../../../../../var/log/httpd/errorlog", "../apache/logs/error.log",...
CVE-2006-4624
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI...
CVE-2006-3261
Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log...
Directory traversal
Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 through 1.1 allows remote attackers to include and execute arbitrary files via ".." sequences in the language cookie, as demonstrated by injecting the code into the glsession cookie of users.php, which is stored in error.log...
Apache Error Log Escape Sequence Injection
The target is running an Apache web server which allows for the injection of arbitrary escape sequences into its error logs. An attacker might use this vulnerability in an attempt to exploit similar vulnerabilities in terminal emulators. OpenVAS has determined the vulnerability exists only by...
beaXSS.txt
I. DESCRIPTION A cross-site scripting issue affects the display of error events in the 'View Error Log' feature of BEA WebLogic Administration console. II. AFFECTED PRODUCTS BEA WebLogic 8.1 SP4 and previous. III. HOW TO VERIFY 1. Make a HTTP request containing XSS code to a target Web server $...
CVE-2005-0040
DotNetNuke (DNN) before 3.0.12 is affected by multiple XSS vulnerabilities (CVE-2005-0040) that allow remote attackers to inject script via (1) the register-a-new-user page, (2) the User-Agent header, and (3) the Username field, due to improper quoting before logging. Affected versions are
CVE-2005-0040
Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log...
CVE-2004-1606
Affected software: SalesLogix 6.1; vulnerable component: slxweb.dll. Description from CVE entries: remote attackers can cause a denial of service (application crash) by sending an invalid HTTP request, with potential leakage of sensitive information via the ErrorLogMsg cookie. The connected docum...
CVE-2004-0923
CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords...
DEBIAN-CVE-2004-0923
CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords...