3627 matches found
PHP 4.x/5.0.x - Arbitrary File Upload GLOBAL Variable Overwrite
PHP 4.x/5.0.x - Arbitrary File Upload GLOBAL Variable Overwrite source: https://www.securityfocus.com/bid/15250/info PHP is prone to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests. By exploiting this issue, remote attackers may be able to overwrite th...
CVE-2004-2517
The OpenVAS entries confirm a concrete issue in myServer 0.7.1: a remote denial of service caused by sending a specially crafted HTTP POST to index.html with View=Logon, which makes the server crash or stop responding. The affected component is the HTTP POST handling for the Logon operation; the vu...
CVE-2004-2517
myServer 0.7.1 allows remote attackers to cause a denial of service (crash) via a long HTTP POST request in a View=Logon operation to index.html...
EasyGuppy 4.5.4/4.5.5 - Printfaq.php Directory Traversal
EasyGuppy 4.5.4/4.5.5 - Printfaq.php Directory Traversal source: https://www.securityfocus.com/bid/14984/info EasyGuppy is prone to a directory traversal vulnerability. The application fails to properly sanitize input supplied through HTTP POST requests or cookies. Exploitation of this vulnerabili...
Hesk 0.92/0.93 - Session ID Authentication Bypass
Hesk 0.92/0.93 - Session ID Authentication Bypass source: https://www.securityfocus.com/bid/14879/info Hesk is prone to an authentication bypass vulnerability. Successful exploitation will grant an attacker administrative access to the application. This can lead to unauthorized access of sensitive...
CuteNews 1.4.0 - Shell Injection Remote Command Execution
CuteNews 1.4.0 - Shell Injection Remote Command Execution <?php cutenxpl.php CuteNews 1.4.0 (possibly prior versions) remote code execution by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! make these changes in php.ini if you have troubles with th...
CVE-2005-2799
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request...
CVE-2005-2912
Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value...
CVE-2005-2912
CVE-2005-2912 affects Linksys WRT54G Wireless Router. The vulnerability is a denial-of-service condition caused by sending an HTTP POST request with a negative Content-Length, leading to CPU consumption and the web server hanging. Devices running affected firmware are prone to this DoS. The provi...
MyBulletinBoard (MyBB) 1.0 - Multiple SQL Injections
MyBulletinBoard (MyBB) 1.0 - Multiple SQL Injections source: https://www.securityfocus.com/bid/14762/info MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in an SQL query. Successful...
CVE-2005-2691
includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code...
[Full-disclosure] User privilege escalation exploit.
Vendor: CyberSource Version: Business Center, Essentials/Small Business, https://businesscenter.cybersource.com/ Severity: Vulnerability allows malicious employees or compromised accounts to steal money. Vendor Status: Notified, expects to fix issue some time in 2006. Overview: Business Center is...
CVE-2002-2081
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp...
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
#!/usr/bin/perl -w sorry for the late posting, had to test it. /str0ke Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML RPC server vulnerabilities I discovered to extract a...
CVE-2005-1708
The CVE affects Blue Coat Reporter before 7.1.2, where templates.admin.users.user_form_processing allows an authenticated user to elevate to administrator by sending an HTTP POST that sets volatile.user.administrator to true. Root cause is improper handling of admin-flag assignment via user form ...
CVE-2005-1708
templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true...
CVE-2004-2086
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter...
CVE-2003-1198
connection.c in Cherokee web server before 0.4.6 allows remote attackers to cause a denial of service via an HTTP POST request without a Content-Length header field...
CVE-2003-1198
CVE-2003-1198 affects Cherokee Web Server prior to 0.4.6, where a remote attacker can cause a denial of service by sending an HTTP POST request without a Content-Length header. OpenVAS/Nessus entries corroborate a remote DoS vulnerability in Cherokee’s POST handling. The mitigation is to upgrade ...