20 matches found
EUVD-2004-1424
Malware in sbrugna...
EUVD-2004-1423
Malware in sbrugna...
EUVD-2004-1537
Malware in sbrugna...
KorWeblog 1.6.2 - Remote Directory Listing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11744/info A vulnerability is reported in the KorWeblog software that may allow a remote user to disclose directory listings. The problem presents itself when a malicious user crafts an URI request containing directory...
CVE-2004-1543
Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. dot dot in the path parameter...
CVE-2004-1543
CVE-2004-1543 describes a directory traversal vulnerability in KorWeblog (viewimg.php) that affects version 1.6.2-cvs and earlier. The root cause is accepting a path parameter containing a “..” sequence, enabling remote attackers to list arbitrary directories. The issue is publicly documented by ...
CVE-2004-1426
Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. dot dot sequences in the lng parameter...
CVE-2004-1427
PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the GPATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. dot dot...
CVE-2004-1427
KorWeblog PHP remote file inclusion vulnerability (CVE-2004-1427) affects 1.6.2-cvs and earlier. The flaw is in main.inc via G_PATH, enabling remote code execution when a URL on a remote server is loaded, demonstrated by using .. sequences in the lng parameter to load main.inc. The CVSS vector (A...
CVE-2004-1426
CVE-2004-1426 affects KorWeblog 1.6.2-cvs and earlier. This directory traversal vulnerability in index.php (lng parameter) allows remote reading of arbitrary files and potential PHP file execution via ".." sequences. The provided documents confirm the affected software and payload, but do not inc...
KorWeblog php injection Vulnerability
KorWeblog php injection Vulnerability Release Date : 2004/12/31 KST Author : Mins mins at fsu.or.kr Product : KorWeblog http://weblog.kldp.org Vendor-Status: Vendor was contacted but I could not receive reply message. Vendor-Patches: None Impact: Attacker can execute arbitrary php code. Summary...
KorWeblog.txt
KorWeblog php injection Vulnerability Release Date : 2004/12/31 KST Author : Mins mins at fsu.or.kr Product : KorWeblog http://weblog.kldp.org Vendor-Status: Vendor was contacted but I could not receive reply message. Vendor-Patches: None Impact: Attacker can execute arbitrary php code. Summary...
CVE-2004-1427
PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the GPATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. dot dot...
CVE-2004-1543
Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. dot dot in the path parameter...
CVE-2004-1426
Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. dot dot sequences in the lng parameter...
KorWeblog 1.6.2 - Remote Directory Listing
KorWeblog 1.6.2 - Remote Directory Listing source: https://www.securityfocus.com/bid/11744/info A vulnerability is reported in the KorWeblog software that may allow a remote user to disclose directory listings. The problem presents itself when a malicious user crafts an URI request containing...
KorWeblog < 1.6.2 Remote Directory Listing
Binary data 2433.prm...
[Full-Disclosure] STG Security Advisory: [SSA-20041122-10] KorWeblog directory traversal vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 STG Security Advisory: SSA-20041122-10 KorWeblog directory traversal vulnerability Revision 1.3 Date Published: 2004-11-22 KST Last Update: 2004-11-22 Disclosed by SSR Team [email protected] Summary ======== KorWeblog is a weblog application us...
KorWeblog 1.6.2 - Remote Directory Listing
source: https://www.securityfocus.com/bid/11744/info A vulnerability is reported in the KorWeblog software that may allow a remote user to disclose directory listings. The problem presents itself when a malicious user crafts an URI request containing directory traversal sequences. When properly...
KorWeblog < 1.6.2 Multiple Vulnerabilities
The remote host is using KorWeblog, a web-based log application written in PHP. According to its banner, the installed version of KorWeblog is earlier than 1.6.2. Such versions are affected by reportedly affected by several vulnerabilities that may allow execution of arbitrary PHP code or retriev...