159 matches found
piwik -- php code execution
secunia reports: Stefan Esser has reported a vulnerability in Piwik, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the core/Cookie.php script using "unserialize" with user controlled input. This can be exploited to e.g. execute...
NetScaler web management cookie cipher weakness
The remote web server is prone to an information disclosure attack. Description : The version of the Citrix NetScaler web management interface on the remote host uses weak encryption for protecting the HTTP cookie content by XORing sensitive values, including the username and password, with a fix...
Fuzzylime CMS 3.01 - poll Remote Code Execution (Perl)
Fuzzylime CMS 3.01 - poll Remote Code Execution Perl !/usr/bin/perl !!UPDATED!!!!UPDATED!!!!UPDATED!!!!UPDATED!!!!UPDATED!!!!UPDATED!!!!UPDATED!! after i noticed that there was a problem changing $cmd,i fixed it.this is the result. Fuzzylime 3.01 Remote Code Execution Credits: real and inphex C:...
SH-News 3.0 - Insecure Cookie Handling
...:::::SH-News 3.0 Insecure Cookie Handling Vulnerability ::::.... Virangar Security Team www.virangar.net www.virangar.ir -------- Discoverd By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all hackerz greetz:to my best friend in...
NetScaler Web Management Interface Cookie Credentials Encryption Weakness
The version of the Citrix NetScaler web management interface on the remote host uses weak encryption for protecting the HTTP cookie content by XORing sensitive values, including the username and password, with a fixed key stream. %NASLMINLEVEL 70300 netscalerwebcookiecrypto.nasl GPLv2 History:...
Code injection
KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service crash via large HTTP cookie parameters...
CVE-2007-6000
KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service crash via large HTTP cookie parameters...
CVE-2007-6000
KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service crash via large HTTP cookie parameters...
CVE-2007-6000
KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service crash via large HTTP cookie parameters...
CVE-2007-6000
CVE-2007-6000 affects KDE Konqueror up to version 3.5.6, allowing remote attackers to trigger a denial of service (crash) by sending large HTTP cookie parameters. Affected software: Konqueror (KDE desktop) prior to 3.5.7(?) with reliance on cookie handling. Root cause details are not extensively ...
IceBB 1.0-rc5 Remote Code Execution Exploit
Exploit for unknown platform in category web applications =========================================== IceBB 1.0-rc5 Remote Code Execution Exploit =========================================== !/usr/bin/perl IceBB 1.0-rc5 Remote Code Execution Exploit 1. register a user 2. run this exploit with this...
phpnukesplat-lfi.txt
!/usr/bin/perl Modulo Splatt Forum v4.0 RC1bbcoderef.php nameLocal File Include Exploit D.Script: http://sourceforge.net/projects/splattforum/ V.Code $modulename = $name; -------- Line : 17 include"modules/".$modulename."/functions.php"; -------- Line : 19 Dork: "Splatt Forum" Discovered & Coded ...
xeCMS 1.0.0 RC 2 (cookie) Remote Command Execution Exploit
Exploit for unknown platform in category web applications ========================================================== xeCMS 1.0.0 RC 2 cookie Remote Command Execution Exploit ========================================================== !/usr/bin/perl xeCMS 1.0.0 RC 2 Remote Command Execution Exploit...
[Full-disclosure] Cross Site Cooking
Why, yes, I came up with the name, and had to find some bugs to be able to post this. Summary ------- There are three fairly interesting flaws in how HTTP cookies were designed and later implemented in various browsers; these shortcomings make it possible and alarmingly easy for malicious sites t...
CVE-2005-2041
Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other products, allows remote attackers to execute arbitrary code via a long ViRobotID cookie HTTPCOOKIE...
CVE-2002-1152
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing...
CVE-2002-1152
CVE-2002-1152 concerns Konqueror (KDE) versions 3.0 through 3.0.2. The issue is that Konqueror does not reliably detect the secure flag on HTTP cookies, allowing cookies to be sent over unencrypted channels. This could enable remote attackers to capture cookies via sniffing, potentially compromis...
CVE-2003-0405
Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via 1 an HTTP query or cookie which is processed in the NEEDS command, or 2 an HTTP Referrer that is processed in the VALIDPATHS command...
CVE-2002-1152
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing...