7753 matches found
CVE-2005-1868
I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension...
CVE-2005-1868
I-Man 0.9 and earlier versions are affected by a vulnerability that allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension through the file upload functionality. The underlying issue is a failure to restrict uploaded file types, enabling PHP exe...
CVE-2005-1868
I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension...
PT-2005-2825 · I-Man · I-Man
Name of the Vulnerable Software and Affected Versions: I-Man versions 0.9 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension. This can be done by exploiting the file upload functionality, potentially leadin...
[SA15558] I-Man File Attachments Upload Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
I-Mall Commerce - i-mall.cgi Remote Command Execution
I-Mall Commerce - i-mall.cgi Remote Command Execution I-Mall explo Spawn bash style Shell with webserver uid Greetz z, spax, foxtwo, Zone-H This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my $shiz; my @results; my $probe; my @U; $U1...
I-Mall Commerce (i-mall.cgi) Remote Command Execution Exploit
No description provided by source. I-Mall explo Spawn bash style Shell with webserver uid Greetz z, spax, foxtwo, Zone-H This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my $shiz; my @results; my $probe; my @U; $U1 =...
I-Mall Commerce (i-mall.cgi) Remote Command Execution Exploit
Exploit for cgi platform in category web applications ============================================================= I-Mall Commerce i-mall.cgi Remote Command Execution Exploit ============================================================= I-Mall explo Spawn bash style Shell with webserver uid Gree...
I-Mall Commerce - 'i-mall.cgi' Remote Command Execution
I-Mall explo Spawn bash style Shell with webserver uid Greetz z, spax, foxtwo, Zone-H This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my $shiz; my @results; my $probe; my @U; $U1 = "/i-mall/i-mall.cgi?p=|"; sub intro sleep 1; ; sub...
security flaw
Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T architectures, allows local users to write to privileged IO ports via the OUTS instruction...
CVE-2005-0747
ApplyYourself i-Class allows remote attackers to obtain sensitive information about their own applications by reusing the hidden ID field, as demonstrated using the id parameter to ApplicantDecision.asp...
CVE-2005-0747
The CVE-2005-0747 entry describes an information disclosure in ApplyYourself i-Class where remote attackers can obtain sensitive information about their own applications by reusing a hidden ID field, demonstrated via the id parameter to ApplicantDecision.asp. The vulnerability stems from relying ...
CVE-2005-0295
The CVE-2005-0295 entry concerns npptnt2.sys in nProtect Gameguard, where the kernel driver exposes unrestricted I/O to any process that calls it. This lack of access control permits local users to gain privileges, i.e., a local privilege escalation. The description and connected sources consiste...
perl -- vulnerabilities in PERLIO_DEBUG handling
Kevin Finisterre discovered bugs in perl's I/O debug support: The environmental variable PERLIODEBUG is honored even by the set-user-ID perl command usually named sperl or suidperl. As a result, a local attacker may be able to gain elevated privileges. CVE-2005-0155 A buffer overflow may occur in...
CVE-2005-0295
npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any process that calls it, which allows local users to gain privileges...
CVE-2004-2275
i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter...
Webman I-Mall i-mall.cgi Arbitrary Command Execution
The script i-mall.cgi is installed. Some versions of this script are vulnerable to remote command execution flaw, due to insufficient user input sanitization to the 'p' parameter of the i-mall.cgi script. A malicious user can pass arbitrary shell commands on the remote server through this script...
Debian DSA-312-1 : kernel-patch-2.4.18-powerpc - several vulnerabilities
A number of vulnerabilities have been discovered in the Linux kernel. CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface lcall. CAN-2003-0001: Multiple...
AIX 5.2 : IY46784
The remote host is missing AIX Critical Security Patch number IY46784 Possible data error using memory mapped I/O in cachefs. You should install this patch for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0;...
RHEL 2.1 : fileutils (RHSA-2003:310)
Updated fileutils packages that close a potential denial of service vulnerability are now available. The fileutils package contains several basic system utilities. One of these utilities is the 'ls' program, which is used to list information about files and directories. Georgi Guninski discovered...