759 matches found
W-Agora 4.0 - mail_users.php bn_dir_default Parameter Remote File Inclusion
source: http://www.securityfocus.com/bid/28366/info w-Agora is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
Dawn of Time 1.69 MUD Server Multiple Format String Vulnerabilities
source: http://www.securityfocus.com/bid/25944/info Dawn of Time MUD server is prone to multiple format-string vulnerabilities. Exploiting these issues will allow attackers to execute arbitrary code with the permissions of a user running the application. Failed...
Orooj CMS 'news.php' SQL Injection Vulnerability
source: http://www.securityfocus.com/bid/33908/info Orooj CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
PsychoStats <= 2.3 - Server.PHP Path Disclosure Vulnerability
source: http://www.securityfocus.com/bid/24039/info PsychoStats is prone to a path-disclosure issue when invalid data is submitted. Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerab...
Fujitsu Web-Based Admin View 2.1.2 - Directory Traversal Vulnerability
source: http://www.securityfocus.com/bid/30780/info Fujitsu Web-Based Admin View is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the application's HTTP server...
PHP-Nuke 8.0 'main/tracking/userLog.php' SQL Injection Vulnerability
source: http://www.securityfocus.com/bid/35117/info PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
3D-FTP 8.01 - 'LIST' and 'MLSD' Directory Traversal Vulnerabilities
source: http://www.securityfocus.com/bid/29749/info 3D-FTP is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues allows an attacker to write arbitrary files to locatio...
Bloq 0.5.4 admin.php page[path] Parameter Remote File Inclusion
source: http://www.securityfocus.com/bid/20512/info Bloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the application and the...
p.mapper 3.2 beta3 plugins/export/mc_table.php _SESSION[PM_INCPHP] Parameter Remote File Inclusion
source: http://www.securityfocus.com/bid/26614/info p.mapper is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and th...
Image gallery with Access Database dispimage.asp id Parameter SQL Injection
source: http://www.securityfocus.com/bid/21131/info Image gallery with Access Database is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could...
S.T.A.L.K.E.R. 1.0.06 - Remote Denial of Service Vulnerability
source: http://www.securityfocus.com/bid/29723/info S.T.A.L.K.E.R. game servers are prone to a remote denial-of-service vulnerability because the software fails to handle exceptional conditions when processing user nicknames. Successfully exploiting this issue...
Easy Banner Pro 2.8 info.PHP Remote File Include Vulnerability
source: http://www.securityfocus.com/bid/21967/info Easy Banner Pro is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the...
RhinoSoft Serv-U FTP Server 7.2.0.1 'rnto' Command Directory Traversal Vulnerability
source: http://www.securityfocus.com/bid/31563/info RhinoSoft Serv-U FTP server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue allows an attacker to write arbitrar...
WordPress Theme Method Arbitrary File Download Vulnerability
WordPress theme SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mysitemyway:method"; ifdescription...
dpkg Source Package - Index: pseudo-header Processing Multiple Local Directory Traversals
source: https://www.securityfocus.com/bid/67727/info dpkg is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will...
ICOMM 610 Wireless Modem - Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/66593/info ICOMM 610 is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. ICOMM 610 01.01.08.991 and prior are vulnerable...
Hacking Maytag: Coin-Operated Laundromat Machines
Most Maytag commercial washers and dryers out there use a common controller platform. It dates back to the 80s and is still produced. So almost every Maytag with a digital control panel is exploitable in this way. The identifying features are a green vacuum fluorescent display with a four-digit numerica...
Redmine Repository Controller Command Execution - Ver2 (CVE-2011-4929)
A command execution vulnerability has been reported in Redmine. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft Releases Security Advisory for Internet Explorer 9 and 10 Use-After-Free Vulnerability
Microsoft has released Security Advisory 2934088 to address a use-after-free vulnerability in Internet Explorer 9 and 10, which can be used by a remote attacker to take control of a vulnerable system. US-CERT and Microsoft are aware of targeted attacks currently exploiting this vulnerability. Use...
08cms GETSHELL vulnerabilities-vulnerability warning-the black bar safety net
08cms GETSHELL Directly on the Exp ? php / Car CMS4. 1 GBK version: exp index. php? tplname=..%252f..%252fdynamic%252fstats%252faclicks. cac shell /dynamic/tplcache/common/....dynamicstatsaclicks.cac.php Decoration of the CMS: shell: /dynamic/dynamic/stats/aclicks.cac.php / $exp = '/tools/ptool...