Lucene search
2514 matches found

exploitpack
added 2011/05/17 12:0 a.m., 20 views

WordPress Plugin Is-human 1.4.2 - Remote Command Execution

WordPress Plugin Is-human 1.4.2 - Remote Command Execution Exploit Title: is-human 1.4.2 and prior WordPress plugin. Date: 16.05.2011 Author: neworder www.neworder-ind.net Software Link: http://wordpress.org/extend/plugins/is-human/ Version: 1.4.2 Tested on: Linux Platform The vulnerability exist...

AI score: 0.6
Exploits: 0
Exploit DB
added 2011/05/17 12:0 a.m., 32 views

WordPress Plugin Is-human 1.4.2 - Remote Command Execution

Exploit Title: is-human 1.4.2 and prior WordPress plugin. Date: 16.05.2011 Author: neworder www.neworder-ind.net Software Link: http://wordpress.org/extend/plugins/is-human/ Version: 1.4.2 Tested on: Linux Platform The vulnerability exists in /is-human/engine.php . It is possible to take control ...

AI score: 7.4
Exploits: 0
Patchstack
added 2011/05/17 12:0 a.m., 8 views

WordPress Is-Human Plugin - Remote Command Execution Vulnerability

The vulnerability exists in /is-human/engine.php. It takes control of the eval function via the "type" parameter, when the "action" is set to log-reset. Solution Point the $ishum-get array variable into $ishum-getih and point it to php stored function errorlog if you want to close the execution...

AI score: 4
Exploits: 0, References: 1, Affected Software: 1
Packet Storm
added 2011/05/17 12:0 a.m., 30 views

Is-Human 1.4.2 WordPress Plugin Command Execution

Exploit Title: is-human 1.4.2 and prior WordPress plugin. Date: 16.05.2011 Author: neworder www.neworder-ind.net Software Link: http://wordpress.org/extend/plugins/is-human/ Version: 1.4.2 Tested on: Linux Platform The vulnerability exists in /is-human/engine.php . It is possible to take control ...

AI score: 0.3
Exploits: 0
myhack58
added 2011/04/26 12:0 a.m., 27 views

PHP code execution vulnerability references summary-vulnerability warning-the black bar safety net

A code execution function In PHP you can execute the Code of the function. Such as eval , assert , theand system and exec and shellexec and passthru and escapeshellcmd and pcntlexec , etc. demo code 1.1: The second file contains the code injection The file containing the function in the specific...

Exploits: 0
seebug.org
added 2011/04/24 12:0 a.m., 48 views

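Mozilla Firefox/SeaMonkey "eval()" Function Security Restriction Bypass Vulnerability

BUGTRAQ ID: 46643 CVE ID: CVE-2011-0051 Mozilla Firefox (officially abbreviated Fx, informally FF), commonly known in Chinese as 火狐 (it currently has no official Chinese name), is a web browser developed jointly by the Mozilla Foundation and the open-source community. SeaMonkey includes a browser, an e-mail and newsgroup client, an IRC chat client, and a simple HTML editor. The implementation of the "eval" function in Mozilla Firefox/SeaMonkey has a security restriction bypass vulnerability; an attacker can exploit it to trick the user into accepting any dialog. Mozilla Firefox 3.x Mozilla SeaMonkey 2.x Vendor patch: Mozilla...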

CVSS: 6.8, AI score: 0.4, EPSS: 0.01823
Exploits: 1
NVD
added 2011/04/10 2:55 a.m., 23 views

CVE-2011-1095

locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...

CVSS: 6.2, AI score: 7.8, EPSS: 0.00518
Exploits: 1, References: 21
OSV
added 2011/04/10 2:55 a.m., 2 views

DEBIAN-CVE-2011-1095

locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...

CVSS: 6.2, AI score: 7, EPSS: 0.00518
Exploits: 1, References: 1
RedHat Linux
added 2011/04/04 8:17 p.m., 8 views

glibc: insufficient quoting in the locale command output

locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...

CVSS: 6.2, AI score: 6, EPSS: 0.00518
Exploits: 1, References: 4
Tenable Nessus
added 2011/03/11 12:0 a.m., 37 views

Debian DSA-2187-1 : icedove - several vulnerabilities

Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. - CVE-2010-1585 Roberto Suggi Liverani discovered that the sanitising performed by ParanoidFragmentSink was incomplete. - CVE-2011-0051 Zach Hoffmann discovered that incorrect parsin...

CVSS: 10, AI score: 7.4, EPSS: 0.072
Exploits: 3, References: 18
securityvulns
added 2011/03/03 12:0 a.m., 78 views

Mozilla Foundation Security Advisory 2011-02

Mozilla Foundation Security Advisory 2011-02 Title: Recursive eval call causes confirm dialogs to evaluate to true Impact: Critical Announced: March 1, 2011 Reporter: Zach Hoffman Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.14 Firefox 3.5.17 SeaMonkey 2.0.12 Description Security researcher...

CVSS: 6.8, AI score: 0.8, EPSS: 0.01823
Exploits: 1
NVD
added 2011/03/02 8:0 p.m., 22 views

CVE-2011-0051

Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges...

CVSS: 6.8, AI score: 6.2, EPSS: 0.01823
Exploits: 1, References: 8
Cvelist
added 2011/03/02 7:0 p.m., 23 views

CVE-2011-0051

Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges...

AI score: 9.4, EPSS: 0.01823
Exploits: 1, References: 8
RedHat Linux
added 2011/03/02 1:28 a.m., 5 views

Mozilla recursive eval call causes confirm dialog to evaluate to true (MFSA 2011-02)

Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges...

CVSS: 6.8, AI score: 5.9, EPSS: 0.01823
Exploits: 1, References: 4
RedHat Linux
added 2011/03/02 1:6 a.m., 2 views

Mozilla recursive eval call causes confirm dialog to evaluate to true (MFSA 2011-02)

Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges...

CVSS: 6.8, AI score: 5.9, EPSS: 0.01823
Exploits: 1, References: 4
UbuntuCve
added 2011/03/02 12:0 a.m., 44 views

CVE-2011-0051

Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges...

CVSS: 6.8, AI score: 7.2, EPSS: 0.01823
Exploits: 1, References: 3
Mozilla
added 2011/03/01 12:0 a.m., 47 views

Recursive eval call causes confirm dialogs to evaluate to true — Mozilla

Security researcher Zach Hoffman reported that a recursive call to eval wrapped in a try/catch statement places the browser into an inconsistent state. Any dialog box opened in this state is displayed without text and with non-functioning buttons. Closing the window causes the dialog to evaluate t...

CVSS: 6.8, AI score: 1.9, EPSS: 0.01823
Exploits: 1, References: 2, Affected Software: 2
Tenable Nessus
added 2011/02/22 12:0 a.m., 17 views

Symantec IM Manager IMAdminSchedTask.asp Eval Code Injection Remote Code Execution (SYM11-004)

The version of Symantec IM Manager installed on the remote Windows host is earlier than 8.4.17. The 'ScheduleTask' method exposed by the 'IMAdminSchedTask.asp' page fails to properly sanitize user input to a POST variable before using it in an 'eval' call. If a logged in console user can be trick...

CVSS: 8.5, AI score: 5.9, EPSS: 0.12965
Exploits: 0, References: 5
myhack58
added 2011/02/19 12:0 a.m., 18 views

XYCMS law firm built Station system V1. 0 multi-flaw-vulnerability warning-the black bar safety net

XYCMS law firm built Station system V1. 0 http://down.admin5.com/asp/71909.html B0mbErM@n ; 2011-2-18 eWebEditor http://127.0.0.1:99/system/xyeWebEditor/admin/login.asp User=XY2010 Pass=XY2010 XSS http://127.0.0.1:99/online.asp Qq:XSS Mail:XSS Photo:XSS Contents:XSS Eval...

AI score: 7.2
Exploits: 0
securityvulns
added 2011/02/04 12:0 a.m., 61 views

ZDI-11-037: Symantec IM Manager Administrative Interface IMAdminSchedTask.asp Eval Code Injection Remote Code Execution Vulnerability

ZDI-11-037: Symantec IM Manager Administrative Interface IMAdminSchedTask.asp Eval Code Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-037 January 31, 2011 -- CVE ID: CVE-2010-3719 -- CVSS: 8.5, AV:N/AC:M/Au:S/C:C/I:C/A:C -- Affected Vendors:...

CVSS: 8.5, AI score: 0.7, EPSS: 0.12965
Exploits: 0