1331 matches found
CVE-2006-4877
Variable overwrite vulnerability in David Bennett PHP-Post PHPp 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the tableprefix parameter in 1 index.php, 2 profile.php, and 3 header.php...
CVE-2006-4673
The CVE-2006-4673 entry concerns PHP-Fusion 6.01.4 and earlier, where maincore.php applies extract() to superglobals. This enables a global-variable overwriting flaw that can lead to SQL injection via the _SERVER[REMOTE_ADDR] parameter to news.php. The vulnerability arises from unrestricted varia...
security flaw
optionsidentities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS attacks, and write arbitrary files...
SquirrelMail Arbitrary Variable Overwriting Vulnerability
GulfTech Security Research July 14th, 2005 Vendor : The SquirrelMail Project Team URL : http://www.squirrelmail.org/ Version : SquirrelMail 1.4.5-RC1 && Earlier Risk : Variable Overwriting Description: SquirrelMail is a standards-based webmail package written in php. It includes built-in pure PHP...
CVE-2005-2095
optionsidentities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS attacks, and write arbitrary files...
CVE-2005-2095
optionsidentities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS attacks, and write arbitrary files...
CVE-2005-1596
index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the islogged parameter or execute arbitrary code via the maxname2 parameter...
PT-2004-1119 · Unarj · Unarj
Name of the Vulnerable Software and Affected Versions: unarj affected versions not specified Description: The issue is related to a directory traversal vulnerability in the -x extract command line option. This vulnerability allows remote attackers to overwrite arbitrary files by using an arj...
security flaw
Buffer overflow in the extractone function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w working directory command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise...
putsyslog.txt
http://www.rootshell.com/ From [email protected] Wed Jul 8 10:18:27 1998 Date: Wed, 8 Jul 1998 19:08:41 +0200 From: Paul Boehm To: [email protected] Subject: putsyslog hi, users can write messages to syslog and thus hide files in there and bypass quotas.. later they can extract it if they ha...
Security update 1970-01-01
...