5019 matches found
ifoto-traversal.txt
ifoto traversal folder enumeration. Vendor URL: http://ifoto.ireans.com/ Advisory: http://lostmon.blogspot.com/2007/07/ifoto-traversal-folder-enumeration.html Vendor notify: no. Exploit included: yes. ifoto contains a flaw that allows a remote traversal arbitrary folder enumeration. This flaw exists...
Design/Logic Flaw
index.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded folder via a modified URL containing the folder name...
CVE-2007-3968
index.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded folder via a modified URL containing the folder name...
Internet Explorer drag-n-drop vulnerability
By using JavaScript in conjunction with shell:startup, it's possible to place an executable into the startup folder if the user drags an object on the page or scrolls the page...
Microsoft Windows Vista/2003/XP/2000 file management security issues
Title: Microsoft Windows Vista/2003/XP/2000 file management security issues Author: 3APA3A, http://securityvulns.com/ Vendor: Microsoft and potentially other vendors Products: Microsoft Windows Vista/2003/XP/2000, Microsoft resource kit for Windows 2000 and different utilities. Access Vector:...
evolution malicious server arbitrary code execution
Camel camel-imap-folder.c in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index...
DEBIAN-CVE-2007-3257
Camel camel-imap-folder.c in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index...
CVE-2007-3158
The CVE-2007-3158 vulnerability affects download_script.asp in ASP Folder Gallery, where a remote attacker can read arbitrary files by supplying a filename in the file parameter. The issue stems from insecure handling of the filename parameter in the download script, enabling potential disclosure...
ASP Folder Gallery Vulnerabilities
Discovered by freeprotect.net member. Vendor site: http://www.tenyearsgone.com Exploit: http://target/aspfoldergallery/downloadscript.asp?file=viewimage.asp This can use to exploit other web...
ASP Folder Gallery - Download_Script.asp Arbitrary File Download
ASP Folder Gallery - DownloadScript.asp Arbitrary File Download source: https://www.securityfocus.com/bid/24345/info ASP Folder Gallery is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this iss...
ASP Folder Gallery - 'Download_Script.asp' Arbitrary File Download
source: https://www.securityfocus.com/bid/24345/info ASP Folder Gallery is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download arbitrary files within the context of the affecte...
Ray Chi news publishing system (any version) exploit - vulnerability warning - the black bar safety net
Copyright belongs to the vulnerability discoverer, focn. When reproducing, please keep the article intact and indicate the source. This article is for study only; the author bears no responsibility for any person's use of it for any illegal purpose. Author: black radish System: ray Chi press release...
R2K Gallery 1.7 (galeria.php lang2) Local File Inclusion Vulnerability
No description provided by source. Y! Underground Group, Dj7xpl.2600.ir...
R2K Gallery 1.7 - galeria.php?lang2 Local File Inclusion
R2K Gallery 1.7 - galeria.php?lang2 Local File Inclusion. Y! Underground Group, Dj7xpl.2600.ir...
R2K Gallery 1.7 (galeria.php lang2) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. R2K Gallery 1.7 galeria.php lang2 Local File Inclusion Vulnerability...
R2K Gallery 1.7 - 'galeria.php?lang2' Local File Inclusion
Y! Underground Group, Dj7xpl.2600.ir. Portal...
CVE-2007-2430
shared/code/tcetmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php...
PT-2007-3420 · Maian · Maian Weblog
Name of the Vulnerable Software and Affected Versions: Maian Weblog version 3.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the path to folder parameter in the index.php file. However, it's noted that this issue was disputed by a third-party researche...
ShoutPro <= 1.5.2 (shout.php) Remote Code Injection Exploit
Exploit for unknown platform in category web applications. ShoutPro ?php echo "...