1720 matches found
CVE-2004-1571
AJ-Fork 167 allows remote attackers to gain sensitive information via a direct request to (1) auto-acronyms.php, (2) auto-archive.php, (3) ount-article-views.php, (4) kses.php, (5) custom-quick-tags.php, (6) disable-all-comments.php, (7) easy-date-format.php, (8) enable-disable-comments.php, (9)...
CVE-2004-1572
AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request...
CVE-2004-1572
AJ-Fork 167 is vulnerable to an information-disclosure flaw where access to directories (data, inc, plugins, skins, tools) is not restricted, enabling remote attackers to list files via direct HTTP requests. The CVE-2004-1572 entry documents this risk, with impact limited to exposure of directory...
CVE-2004-1573
The CVE-2004-1573 entry concerns AJ-Fork 167 where insecure file permissions on users.db.php (set to 777) allow local users to execute arbitrary PHP code and gain administrator privileges. The vulnerability’s impact is (local) arbitrary code execution with full privileges as described; exploitati...
CVE-2004-1571
AJ-Fork 167 is affected by an information-disclosure vulnerability where direct requests to 13 PHP scripts (auto-acronyms.php, auto-archive.php, ount-article-views.php, kses.php, custom-quick-tags.php, disable-all-comments.php, easy-date-format.php, enable-disable-comments.php, filter-by-author.p...
CVE-2004-1573
The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator...
Echo Security Advisory 2004.7
ECHOADV07$2004: Multiple Vulnerabilities in AJ-Fork. Author: y3dips. Date: September, 23th 2004. Location: Indonesia, Jakarta. Web:...
AJ-Fork Permission Weakness Information Disclosure
Binary data 2342.prm...
Multiple Vulnerabilities in AJ-Fork
ECHOADV07$2004: Multiple Vulnerabilities in AJ-Fork. Author: y3dips. Date: September, 23th 2004. Location: Indonesia, Jakarta. Web:...
Debian DSA-339-1 : semi - insecure temporary file
NOTE: due to a combination of administrative problems, this advisory was erroneously released with the identifier 'DSA-337-1'. DSA-337-1 correctly refers to an earlier advisory regarding gtksee. semi, a MIME library for GNU Emacs, does not take appropriate security precautions when creating...
linux/x86 cp /bin/sh /tmp/katy ; chmod 4555 katy 126 bytes
linux/x86 cp /bin/sh /tmp/katy ; chmod 4555 katy 126 bytes. Shellcode exploit for linx86 platform / Linux/x86 /bin/cp /bin/sh /tmp/katy ; chmod 4555 /tmp/sh using fork / include char shellcode = "\xeb\x5e\x5f\x31\xc0\x88\x47\x07\x88\x47\x0f\x88\x47\x19\x89\x7f"...
linux/x86 portbind port 5074 + fork 130 bytes
linux/x86 portbind port 5074 + fork 130 bytes. Shellcode exploit for linx86 platform / [email protected] 0x9abril0x7d2 syssocketcall 102 0x66 %eax, this is our main routine. In all the subroutines we are going to need: %eax = 0x66. Then from the file include/linux/net.h we obtain...
linux/x86 portbind port 5074 + fork() 130 bytes
No description provided by source. / [email protected] 0x9abril0x7d2 syssocketcall 102 0x66 %eax, this is our main routine. In all the subroutines we are going to need: %eax = 0x66. Then from the file include/linux/net.h we obtain the following list, take a look at it. Then in...
linux/x86 portbind port 5074 + fork() 130 bytes
Exploit for linux/x86 platform in category shellcode. linux/x86 portbind port 5074 + fork 130 bytes / email protected 0x9abril0x7d2 syssocketcall 102 0x66 %eax, this is our main routine. In all...
Fedora Core 1 : kernel-2.4.22-1.2129.nptl (2003-026)
The kernel shipped with Fedora Core 1 was vulnerable to a bug in the error return on a concurrent fork with threaded exit which could be exploited by a user level program to crash the kernel. In addition to this bug fix, the changelog below details various other non-security fixes that have been...
security flaw
The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows local users to cause a denial of service (memory...
tmpwatch: local DoS : fork()bomb as root
sent through bugzilla.redhat.com no reply from responsible person. here it goes. Local DoS in /usr/sbin/tmpwatch. root forkbombs himself. tmpwatch is a bad boy Summary Local people can stop things working, and force you to reboot. Longer summary Any user with write access to /tmp or /var/tmp ca...
PT-2013-6331 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.15.4 Description: The issue is related to the Linux kernel's handling of non-canonical values for the saved RIP address in system calls that do not use IRET. This can allow local users to leverage a race...