8828 matches found
EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery Remote Command Execution
EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery Remote Command Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EASYPHP-DEV-SERVER-REMOTE-CMD-EXECUTION.txt + ISR: ApparitionSec Vendor: ===============...
CVE-2016-9178
The getuserasmex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a getuserex call...
Railo Remote File Include (CVE-2014-5468)
This module exploits a remote file include vulnerability in Railo. A vulnerability in thumbnail.cfm allows an attacker to download an arbitrary PNG file, and by taking advantage of a directory traversal, an attacker can append cold fusion markup to the PNG file, and have it interpreted by the...
Multiple vulnerabilities in ePhone Disk
EPhone Disk is lightweight file manager to download, organize, deliver, and read files offline. ePhone Disk suffers from File Include, Local Command and Path Injection, and Remote Denial of Service vulnerabilities. Allows remote attackers to compromise web applications or mobile devices with...
Multiple Vulnerabilities in iStArtApp FileXChange
FileeXChange is a handy file manager for iPhone, iPod Touch and iPad. iStArtApp FileXChange suffers from file include, arbitrary file upload, local command, and path injection vulnerabilities. Allows remote attackers to compromise a web application or mobile device with unauthorized requests...
Atlassian Confluence arbitrary file include Vulnerability (CVE-2015-8399)
Affect the Assembly: Atlassian Confluence Atlassian Confluence is less than 5. 8. 17 versions of the service exist in the arbitrary file read and directory traversal vulnerabilities /spaces/viewdefaultdecorator. action? decoratorName=. Lists the current directory /spaces/viewdefaultdecorator...
WordPress Mail Masta Plugin 1.0 - local file inclusion
This file contains the vulnerability allows an attacker to include a file,usually using a“dynamic file include”mechanisms in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation. Source file: /inc/campaign/countofsend.php Line 4:...
PT-2016-3420 · Perl +2 · Perl +2
Name of the Vulnerable Software and Affected Versions: Perl versions prior to 5.22.3-RC2 Perl versions 5.24 prior to 5.24.1-RC2 Description: The issue is related to errors in privilege management in the Perl interpreter, specifically with the handling of the included directory array "@INC". This...
Axis Communications MPQTPACS 5.20.x - Server-Side Include Daemon Remote Format String
Axis Communications MPQTPACS 5.20.x - Server-Side Include Daemon Remote Format String !/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following...
Axis Communications MPQT/PACS 5.20.x - Server Side Include (SSI) Daemon Remote Format String
Exploit for multiple platform in category remote exploits !/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following characteristic: - Heap Based...
Axis Communications MPQT/PACS 5.20.x - Server-Side Include Daemon Remote Format String
!/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following characteristic: - Heap Based Exploiting string located on the heap - Blind Attack No output...
ZTE gateway device /modules/service/download.php the file id parameter local file include vulnerability
No description provided by source...
Charm lesson OM video conferencing system /admin/do/proxy.php file target parameter remote file include vulnerability
No description provided by source...
WordPress Mobile Detector <=3.5 resize.php the src parameter local file include vulnerability
No description provided by source...
WordPress TheCartPress Plugin 1.1.1 local/remote file include vulnerability
No description provided by source...
squid: multiple issues in ESI processing
Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack...
squid: multiple issues in ESI processing
Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack...
squid: SIGSEGV in ESIContext response handling
An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as reverse-proxy, for TLS/HTTPS interception, an attacker controlling a server accessed by Squid, could crash the squid worker, causing a Denial of Service attack...
squid: multiple issues in ESI processing
Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack...
The vulnerability of the PHP interpreter allows a hacker to gain access to read files.
The vulnerability of the PHP interpreter lies in the lack of checks for the sequence “%00” in the path name. Exploiting this vulnerability allows an attacker, operating remotely, to read arbitrary files using specially crafted input data for the application that calls the function...