7746 matches found
CVE-2004-2275
i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter...
FreeBSD : perl -- vulnerabilities in PERLIO_DEBUG handling (a5eb760a-753c-11d9-a36f-000a95bc6fae)
Kevin Finisterre discovered bugs in perl's I/O debug support : - The environmental variable PERLIODEBUG is honored even by the set-user-ID perl command usually named sperl or suidperl. As a result, a local attacker may be able to gain elevated privileges. CVE-2005-0155 - A buffer overflow may occ...
igallery33.txt
Hat-Squad Advisory: i-Gallery directory traversal Product: i-Gallery Vendor Url: http://www.b-cp.com Version: 3.3 older versions not tested , but assumed vulnerable Vulnerability: Directory traversal and CSS bug Release Date: Vendor Status: Informed: 15 June 2005 Second Contact: 19 June 2005...
i-Gallery Traversal File Access / XSS
Binary data 3026.prm...
CVE-2005-2033
The CVE concerns i-Gallery by Blue-Collar Productions (version up to 3.3). A directory traversal flaw in folderview.asp allows an unauthenticated user to read arbitrary files and directories via the folder parameter. Connected Nessus data also notes potential XSS issues in i-Gallery
CVE-2002-1668
HP-UX 11.11 and earlier allows local users to cause a denial of service kernel deadlock, due to a "file system weakness" that is possibly via an mmap system call and performing an I/O operation using data from the mapped buffer on the file descriptor for the mapped file...
[Hat-Squad] i-Gallery directory traversal
Hat-Squad Advisory: i-Gallery directory traversal Product: i-Gallery Vendor Url: http://www.b-cp.com Version: 3.3 older versions not tested , but assumed vulnerable Vulnerability: Directory traversal and CSS bug Release Date: Vendor Status: Informed: 15 June 2005 Second Contact: 19 June 2005...
i-Gallery <= 3.3 Multiple Vulnerabilities
The remote host is running i-Gallery, a web-based photo gallery from Blue-Collar Productions. The installed version of i-Gallery fails to sanitize user-supplied input before using it as a folder name in several scripts. An unauthenticated attacker can exploit this flaw to access files and folders...
CVE-2005-2033
Directory traversal vulnerability in folderview.asp for Blue-Collar Productions i-Gallery 3.3 allows remote attackers to read arbitrary files and directories via the folder parameter...
I-Gallery - Folder Argument Cross-Site Scripting
I-Gallery - Folder Argument Cross-Site Scripting source: https://www.securityfocus.com/bid/14002/info i-Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'folder' parameter of 'folderview.asp...
I-Gallery - Folder Argument Directory Traversal
I-Gallery - Folder Argument Directory Traversal source: https://www.securityfocus.com/bid/14000/info i-Gallery is prone to a directory traversal vulnerability. This could let remote attackers access files on the computer in the context of the Web server process...
I-Gallery - Folder Argument Cross-Site Scripting
source: https://www.securityfocus.com/bid/14002/info i-Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'folder' parameter of 'folderview.asp'. An attacker may leverage this issue to have...
I-Gallery - Folder Argument Directory Traversal
source: https://www.securityfocus.com/bid/14000/info i-Gallery is prone to a directory traversal vulnerability. This could let remote attackers access files on the computer in the context of the Web server process...
CVE-2005-1868
I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension...
CVE-2005-1868
I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension...
CVE-2005-1868
I-Man 0.9 and earlier versions are affected by a vulnerability that allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension through the file upload functionality. The underlying issue is a failure to restrict uploaded file types, enabling PHP exe...
PT-2005-2825 · I-Man · I-Man
Name of the Vulnerable Software and Affected Versions: I-Man versions 0.9 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension. This can be done by exploiting the file upload functionality, potentially leadin...
[SA15558] I-Man File Attachments Upload Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
I-Mall Commerce - i-mall.cgi Remote Command Execution
I-Mall Commerce - i-mall.cgi Remote Command Execution I-Mall explo Spawn bash style Shell with webserver uid Greetz z, spax, foxtwo, Zone-H This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my $shiz; my @results; my $probe; my @U; $U1...
I-Mall Commerce (i-mall.cgi) Remote Command Execution Exploit
No description provided by source. I-Mall explo Spawn bash style Shell with webserver uid Greetz z, spax, foxtwo, Zone-H This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my $shiz; my @results; my $probe; my @U; $U1 =...