PHP 5.3.x < 5.3.4 Multiple Vulnerabilities

Binary data 5732.prm...

php -- corruption of $GLOBALS and $this variables via extract() method

Off-by-one error in the sanity validator for the extract method allowed attackers to replace the values of $GLOBALS and $this when mode EXTROVERWRITE was used...

Sablog-X v2.x 任意变量覆盖漏洞

由于Sablog-x v2.x的common.inc.php里$EVO初始化处理存在逻辑漏洞，导致可以利用extract来覆盖任意变量，最终导致xss、sql注射、代码执行等很多严重的安全漏洞。 common.inc.php代码里： .... $onoff = functionexists'iniget' ? iniget'registerglobals' : getcfgvar'registerglobals'; if $onoff != 1 @extract$COOKIE, EXTRSKIP; @extract$POST, EXTRSKIP; @extract$GET,...

mysql_error() XSS Vulnerability

不正确使用mysqlerror导致的Vul。当然前提是$db可以覆盖，那么就很鸡肋了，或者就不能叫Vul了，O∩∩OJust For Fun mysqlerror http://hi.baidu.com/menzhi007/blog/item/7583dc0390316d7d3912bbbf.html ?php $db='menzhi007'; extract$GET; $link = mysqlconnect"localhost", "root", ""; mysqlselectdb$db, $link; echo mysqlerror$link; ?...

Web mirroring

This script makes a mirror of the remote web site and extracts the list of CGIs that are used by the remote host. It is suggested that you allow a long-enough timeout value for this test routine and also adjust the setting on the number of pages to mirror. SPDX-FileCopyrightText: 2009 Renaud...

FreeWebShop Detection

Detection of FreeWebShop. The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

php vulnerability session register_globals login security-vulnerability warning-the black bar safety net

The first to see this a simple piece of code When php. ini in the configuration registerglobals = Off, Without any problems, Output yes But When php. ini in the configuration registerglobals = On time, First run output yes And refresh, the display is no Obviously this is not normal, This is a ver...

Directory traversal

Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter...

CVE-2008-6334

The CVE-2008-6334 entry concerns a directory traversal vulnerability in the download.php component of the eMetrix Extract Website, allowing remote attackers to read arbitrary files by supplying a .. in the filename parameter. This vulnerability is documented across multiple sources (NVD, CVEList,...

Fedora Update for exiv2 FEDORA-2007-4551

Check for the Version of exiv2 OpenVAS Vulnerability Test Fedora Update for exiv2 FEDORA-2007-4551 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

Fedora Update for chmsee FEDORA-2008-8399

Check for the Version of chmsee OpenVAS Vulnerability Test Fedora Update for chmsee FEDORA-2008-8399 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

Extract Website (download.php filename) File Disclosure Vulnerability

Exploit for unknown platform in category web applications ===================================================================== Extract Website download.php filename File Disclosure Vulnerability ===================================================================== Extract Website download.php...

Extract Website - Filename File Disclosure

Extract Website - Filename File Disclosure Extract Website download.php filename Local File Include author : Cold z3ro, http://www.hackteach.org/ script : http://secure.emetrix.com/order/product.asp?PID=74332316 demo : http://www.rightscripts.com/extractwebsite/ about : This tool help you extract...

Stash 1.0.3 - SQL Injection User Credentials Disclosure

Stash 1.0.3 - SQL Injection User Credentials Disclosure !/usr/bin/perl -w User credentials disclosure exploit - stash103exp.pl Gnix http://gnix.netsons.org This exploit use an SQL Injection in the file admin/login.php to bypass the login, and then an SQL Injection in the admin/news.php to extract...

CVE-2008-4191

extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file...

CVE-2008-4191

extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file...

DEBIAN-CVE-2008-4191

extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file...

CVE-2008-4191

extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file...

Arbitrary file deletion

extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file...

CVE-2008-4191

CVE-2008-4191 affects Emacspeak 26 and 28, where extract-table.pl can be exploited by a local user via a symlink attack on the temporary file extract-table.csv, enabling overwriting arbitrary files. The vulnerability arises from insecure handling of a /tmp-like file, with impact described as loca...