5019 matches found
phpizabi-traverse.txt
PHPizabi v0.848b traversal file access. Vendor URL: http://www.phpizabi.net/ Advisory: http://lostmon.blogspot.com/2008/08/phpizabi-v0848b-traversal-file-access.html Vendor notified: no. Exploit available: yes. Description, by vendor page: PHPizabi is one of the most powerful social networking platforms o...
xampp-xss.txt
Program: Xampp Linux 1.6.7 Type: Multiple Cross Site Scripting Vulnerabilities Alert: Medium Download From:...
SmbClientParser shell characters vulnerability
Shell characters vulnerability with shared folder names...
[ISecAuditors Security Advisories] SmbClientParser Perl module allows remote command execution
INTERNET SECURITY AUDITORS ALERT 2006-006 - Original release date: February 28, 2006 - Last revised: July 18th, 2008 - Discovered by: Jesus Olmos Gonzalez - Severity: 5/5 I. VULNERABILITY...
SmbClientParser 2.7 Perl Module - Remote Command Execution
source: https://www.securityfocus.com/bid/30290/info The SmbClientParser Perl module is prone to a remote command-execution vulnerability because it fails to sufficiently sanitize user-supplied data. Successfully exploiting this issue will allow an attacker to execute arbitrary commands with the...
Pragyan CMS 2.6.2 (sourceFolder) Remote File Inclusion Vulnerability
No description provided by source. In The Name Of GOD - Persian Boys Hacking Team -:- 2008 - discovered by N3TR00T3R at Y! dot com - pragyan 2.6.2 Remote File Inclusion - download...
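Windows Explorer Saved Search File Remote Code Execution Vulnerability (MS08-038)
BUGTRAQ ID: 30109 CVECAN ID: CVE-2008-1435 Microsoft Windows is a very popular operating system released by Microsoft. Windows Explorer does not correctly parse saved-search (.search-ms) files. If a user is tricked into opening and saving a specially crafted .search-ms file, Windows Explorer exits and restarts in an exploitable manner, leading to arbitrary command execution on the user's system. Microsoft Windows Vista SP1 Microsoft Windows Vista Microsoft Windows Server 2008 Temporary workaround:...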
WeFi information leak
Log files are stored in world-readable folder...
UoW pop2d Remote File Retrieval Vulnerability
This module exploits a vulnerability in the FOLD command of the University of Washington ipop2d service. By specifying an arbitrary folder name it is possible to retrieve any file which is world or group readable by the user ID of the POP account. This vulnerability can only be exploited with a...
CVE-2008-2463
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message,...
Code injection
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message,...
Directory traversal
Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOT...
CVE-2008-2779
Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOT...
Folder Lock 5.9.5 - Weak Password Encryption Local Information Disclosure
Folder Lock 5.9.5 - Weak Password Encryption Local Information Disclosure source: https://www.securityfocus.com/bid/30766/info Folder Lock is prone to an information-disclosure vulnerability because it stores credentials in an insecure manner. A local attacker can exploit this issue to obtain...
Directory traversal
Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by...
CVE-2008-2702
Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by...
Directory traversal
Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a .. (dot dot) in (1) a response to a LIST command from the BitKinex FTP client and (2) a response to a PROPFIND command from the BitKinex WebDAV client. NOTE:...
Directory traversal
Directory traversal vulnerability in Core FTP client 2.1 Build 1565 allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup...