Focus/SIS <= 1.0/2.2 - Remote File Inclusion Vulnerabilities

No description provided by source. Focus/SIS =1.0&2.2 Remote file inclusion Download v1.0 : http://unix.freshmeat.net/redir/focussis/64492/urlzip/Focusv1.0.zip v2.2 : http://www.focus-sis.org/download.php?modfunc=file&version=2.2...

Spaminator <= 1.7 (page) Remote File Include Vulnerability

No description provided by source. Spaminator 1.7. $page Remote File Include CreW: ToXiC BuG Found By Drago84 SourcE CodE: http://freshmeat.net/redir/spaminator/16281/urltgz/spaminator-1.7.tar.gz Page Affect is: /src/Login.php Problem is include $page.php; Path : Declare $page ExpL:...

ImgSvr <= 0.6.5 (long http post) Denial of Service Exploit

No description provided by source. !/usr/bin/perl Proof of concept. Credit's:to n00b for finding this bug. Afected :ImgSvr.exe Download softwear: http://freshmeat.net/projects/imgsvr/ Crash the server with overly long http post request.. Main site of affected product...

See-Commerce <= 1.0.625 (owimg.php3) Remote Include Vulnerability

No description provided by source. See-Commerce Remote File Inclusion CreW: ToXiC Bug Found by Drago84 Source Code: http://freshmeat.net/redir/seecommerce/14016/urlzip/sc-1.0.625.zip Problem Is: require$path./ow.inc; Page Affect: http://site/see-commerce directory/owimg.php3?path=evil script Grea...

Group-Office命令注入和SQL注入漏洞

Bugtraq ID: 48941 CNCAN ID：CNCAN-2011080103 Group-Office是一个基于Web的办公套件，其功能包括用户管理、模块管理、邮件客户端、 文件管理器、日程、项目管理以及客户关系管理等等。 Group-Office存在多个安全漏洞，允许攻击者进行SQL注入攻击或以WEB权限执行任意命令。 -部分未明输入在用于SQL查询时缺少正确过滤，攻击者可以利用漏洞注入任意SQL操作数据库或获得敏感信息。 -部分输入在使用之前缺少过滤，攻击者可以利用漏洞注入和执行任意命令。 Intermesh Group-Office 3.7.23 厂商解决方案...

Mobius Forensic Toolkit v0.5.8 Released

Mobius Forensic Toolkit v0.5.8 Released Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tool...

Mobius Forensic Toolkit v0.5.7 released !

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tool. Changelog Six news registry reports were...

OpenWebMail Multiple XSS Vulnerabilities

This host is installed with OpenWebMail and is prone to multiple cross-sites scripting vulnerabilities. OpenVAS Vulnerability Test $Id: secpodopenwebmailmultxssvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ OpenWebMail Multiple XSS Vulnerabilities Authors: Nikita MR Copyright: Copyright c 2009...

ClamAV UPack拒绝服务和cli_url_canon()栈溢出漏洞

BUGTRAQ ID: 34446 CVECAN ID: CVE-2009-1371,CVE-2009-1372 Clam AntiVirus是Unix的GPL杀毒工具包，很多邮件网关产品都在使用。 ClamAV的libclamav/phishcheck.c文件中的cliurlcanon函数存在栈溢出漏洞，远程攻击者可以通过提交恶意的URL来触发这个溢出，导致执行任意代码。 如果用户使用ClamAV扫描到了UPack编码的畸形文件的话，libclamav/others.h文件的CLIISCONTAINED宏中的安全漏洞可能导致应用程序崩溃。 ClamAV 0.95.1 ClamAV...

CGIForum远程目录遍历漏洞

BugCVE: CVE-2000-1171 BUGTRAQ: 1963 DC Scripts DCForum是一个商业版CGI脚本，用于在线WWW方式讨论。DCForum实现上存在输入验证漏洞，远程攻击者可以利用此漏洞遍历服务器目录。 DC Scripts DCForum未能正确检查来自用户输入的 thesection 变量值，利用 ../ 攻击方式，远程攻击者可以利用一个精心准备的URL请求导致脚本遍历服务器根目录，进而获取敏感信息。所能访问的文件取决于Web服务器当前启动的用户身份，一般是nobody。 1.0 临时解决方法：...

nfs-utils软件包hosts_ctl()函数绕过安全限制漏洞

BUGTRAQ ID: 31823 CVECAN ID: CVE-2008-4552 nfs-utils软件包可提供内核NFS服务器和相关工具的守护程序。 nfs-utils软件包的TCP封装程序实现用错误的参数序列调用了hostsctl函数，远程攻击者可以绕过对NFS netgroup所实施的访问控制规则，获得对受限服务的访问。 sourceforge nfs-utils 1.0.9 sourceforge ----------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://freshmeat.net/projects/nfs-utils/...

observer-exec.txt

:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ dunatstrcpy.pl observer $output"; ... Bug2: ./observer-0.3.2.1/html/netcmd.php ... switch $GETcmd case 'whois': $output = /usr/bin/whois $GETquery...

ClamAV 'libclamav/pe.c' MEW压缩PE文件整数溢出漏洞

ClamAV是一款流行的反病毒应用程序。 Clam AntiVirus解析MEW压缩成的PE文件存在整数溢出，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击，可能导致任意代码执行。 在处理此PE文件时，两可不可信的值直接来自文件而没有任何检查，这些值之后用于算术运算来计算要分配的堆缓冲区，此计算可导致整数溢出，可能以应用程序进程权限执行任意指令。 Clam Anti-Virus ClamAV 0.91.2 升级程序： Clam Anti-Virus ClamAV 0.91.2 Clam Anti-Virus ClamAV 0.92...

Focus/SIS <= 1.0/2.2 Remote File Inclusion Vulnerabilities

Exploit for unknown platform in category web applications ========================================================== Focus/SIS 1.0&2.2 Remote file inclusion Download v1.0 : http://unix.freshmeat.net/redir/focussis/64492/urlzip/Focusv1.0.zip...

FocusSIS 1.02.2 - Remote File Inclusion

FocusSIS 1.02.2 - Remote File Inclusion Focus/SIS =1.0&2.2 Remote file inclusion Download v1.0 : http://unix.freshmeat.net/redir/focussis/64492/urlzip/Focusv1.0.zip v2.2 : http://www.focus-sis.org/download.php?modfunc=file&version=2.2...

enetman-rfi.txt

Title : eNetman - The Enchanced Network Manager Remote File Inclusion URL : http://freshmeat.net/projects/enetman/ Author : JaheeM Exploit : senetman/html/index.php?page= Thanks To : asc, IRC.ASCNET.BIZ...

eNetman v.20050830 (index.php page) Remote File Inclusion Vulnerability

No description provided by source. Title : eNetman - The Enchanced Network Manager Remote File Inclusion URL : http://freshmeat.net/projects/enetman/ Author : JaheeM Exploit : senetman/html/index.php?page= Thanks To : asc, IRC.ASCNET.BIZ sebug.net...

eNetman 20050830 - &#039;index.php&#039; Remote File Inclusion

Title : eNetman - The Enchanced Network Manager Remote File Inclusion URL : http://freshmeat.net/projects/enetman/ Author : JaheeM Exploit : senetman/html/index.php?page= Thanks To : asc, IRC.ASCNET.BIZ milw0rm.com 2007-09-03...

eNetman v.20050830 (index.php page) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ======================================================================= eNetman v.20050830 index.php page Remote File Inclusion Vulnerability ======================================================================= Title : eNetman - The...

ImLib库_LoadBMP函数拒绝服务漏洞

BUGTRAQ ID: 24750 Imlib是一种图形浏览应用文件库，用于Gnome图形用户环境。 Imlib在处理畸形格式的BMP图像文件时存在漏洞，攻击者可能利用此漏洞导致使用了程序库的应用陷入死循环。 Imlib库的LoadBMP函数从BMP文件读取了BPP值并使用该值确定在主文件处理循环中的每一步应读取多少位，但以下行没有正确地检测无效的值0x0000： if bpp != 1 && bpp != 4 && bpp != 8 && bpp && 16 && bpp != 24 && bpp != 32 fprintfstderr, "IMLIB ERROR: unknown...