CVE-2010-2787

api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim...

CVE-2010-2787

CVE-2010-2787 affects MediaWiki up to version 1.15.4 (public caching headers used for private data). Remote attackers could bypass access controls by retrieving documents from a shared HTTP proxy cache previously used by a victim. Impact: partial disclosure of sensitive data. Mitigation: upgrade ...

CVE-2010-2787

api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim...

Design/Logic Flaw

Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper...

CVE-2011-1469

CVE-2011-1469 : Unspecified vulnerability in the Streams component of PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL while using an HTTP proxy with the FTP wrapper. Affected docs reference PHP 5.3.6 as the fix milest...

CVE-2011-1469

Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper...

CVE-2011-1469

Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service application crash by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper...

IF-CMS 2.07 - Local File Inclusion (1)

IF-CMS 2.07 - Local File Inclusion 1 !/usr/bin/python INFORMATION Exploit Title: If-CMS 2.07 Pre-Auth Local File Inclusion 0day Exploit Author: TecR0c Date: 13/3/2011 Software link: http://bit.ly/hh9ZB4 Tested on: Linux bt Version: 2.07 PHP.ini Settings: gpcmagicquotes = Off import...

Vtiger CRM 5.0.4 Local File Inclusion

!/usr/bin/python INFORMATION: Exploit Title: Vtiger CRM 5.0.4 Pre-Auth Local File Inclusion Exploit Google Dork: "The honest Open Source CRM" "vtiger CRM 5.0.4" Date: 5/3/2011 CVE: CVE-2009-3249 Windows link: http://bit.ly/fiOYCL Linux link: http://bit.ly/hluzLf Tested on: Windows XP/Linux Ubuntu...

Vtiger CRM 5.0.4 Pre-Auth Local File Inclusion Exploit

Exploit for php platform in category web applications !/usr/bin/python INFORMATION: Exploit Title: Vtiger CRM 5.0.4 Pre-Auth Local File Inclusion Exploit Google Dork: "The honest Open Source CRM" "vtiger CRM 5.0.4" Date: 5/3/2011 CVE: CVE-2009-3249 Windows link: http://bit.ly/fiOYCL Linux link:...

vTiger CRM 5.0.4 - Local File Inclusion

!/usr/bin/python INFORMATION: Exploit Title: Vtiger CRM 5.0.4 Pre-Auth Local File Inclusion Exploit Google Dork: "The honest Open Source CRM" "vtiger CRM 5.0.4" Date: 5/3/2011 CVE: CVE-2009-3249 Windows link: http://bit.ly/fiOYCL Linux link: http://bit.ly/hluzLf Tested on: Windows XP/Linux Ubuntu...

jakCMS 2.01 RC1 Blind SQL Injection

!/usr/bin/python jakCMS = v2.01 RC1 Blind SQL Injection Exploit Understanding: The parameters 'JAKCOOKIENAME' and 'JAKCOOKIEPASS' are parsed via cookies to the application and are unchecked for malicious characters. The contents of these variables are directly inserted into an SQL statement,...

Lingxia I.C.E CMS Blind SQL Injection

!/usr/bin/python ICE CMS Blind SQLi 0day. mrme@pluto ice$ python icecold.py -p localhost:8080 -t 10.3.100.25:8500 -d /ice/ | ---------------------------------------------------- | | Lingxia I.C.E CMS Remote Blind SQL Injection Exploit | | by mrme - net-ninja.net --------------------------- | +...

Openedit <= v5.1294 Remote Code Execution Exploit

Exploit for jsp platform in category web applications !/usr/bin/python Openedit = v5.1294 Remote Code Execution Exploit http://net-ninja.net/blog/?p=553 watch http://www.zeitgeistmovie.com/ Explanation: Vuln 1: Admin hash disclosure Vuln 2: Login with the hash Vuln 3: Unprotected file upload...

Lotus CMS Fraise v3.0 LFI - Remote Code Execution Exploit

No description provided by source. !/usr/bin/python Lotus CMS Fraise v3.0 LFI - Remote Code Execution Exploit greetz Tecr0C :0 Vuln: lines 15-23 in core/lib/router.php ---------- sof //Get page request if any $page = $this-getInputString"page", "index"; //Get plugin request if any $plugin =...

Lotus CMS Fraise 3.0 - Local File Inclusion / Remote Code Execution

!/usr/bin/python Lotus CMS Fraise v3.0 LFI - Remote Code Execution Exploit greetz Tecr0C :0 Vuln: lines 15-23 in core/lib/router.php ---------- sof //Get page request if any $page = $this-getInputString"page", "index"; //Get plugin request if any $plugin = $this-getInputString"system", "Page"; //...

CVE-2010-4488

Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service application crash via unspecified vectors...

CVE-2010-4488

Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service application crash via unspecified vectors...

CVE-2010-4488

Removed by vendor...

CVE-2010-4488

Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service application crash via unspecified vectors...