21 matches found
EUVD-2008-0825
Malware in sbrugna...
EUVD-2006-5877
Malware in sbrugna...
EUVD-2014-2871
Malware in sbrugna...
EUVD-2007-2045
Malware in sbrugna...
EUVD-2007-0102
Malware in sbrugna...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.13.2: Prevent panic on fuzzer provided string Add secure/httpOnly attributes to the lang cookie...
Western Digital Arkeia Remote Code Execution (CVE-2014-2846)
A remote code execution vulnerability has been reported in WD Arkeia appliance. A remote attacker may exploit this vulnerability by uploading a malicious php file using the lang cookie in order to parse this file. Successful exploitation could result in an arbitrary code execution...
CVE-2012-4031
Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. dot dot in the 1 lang or 2 langid cookie to port 85...
Directory traversal
Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. dot dot in the 1 lang or 2 langid cookie to port 85...
WANGKONGBAO CNS-1000 UTM IPS-FW - Directory Traversal (Metasploit)
Exploit Title: WANGKONGBAO CNS-1000 and 1100 Network Security Platform UTM Directory Traversal Date: 7/2/2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.wangkongbao.com/products.html Version: CNS-1000 and 1100 The issue is in the /src/acloglogin.php langid and lang parameters...
Directory traversal
Directory traversal vulnerability in index.php in Smeego 1.0, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the lang cookie...
CVE-2008-2352
Directory traversal vulnerability in index.php in Smeego 1.0, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the lang cookie...
CVE-2008-2352
CVE-2008-2352 documents a directory traversal in index.php of Smeego 1.0 where disabling magic_quotes_gpc allows remote attackers to include and execute arbitrary local files via a .. in the lang cookie. The issue is caused by insufficient validation of the cookie value used in file inclusion, en...
Directory traversal
Multiple directory traversal vulnerabilities in freePHPgallery 0.6 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the lang cookie to 1 comment.php, 2 index.php, and 3 show.php...
Directory traversal
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. dot dot in a lang cookie, followed by a filename without its .php extension, as demonstrated via a...
CVE-2007-0609
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. dot dot in a lang cookie, followed by a filename without its .php extension, as demonstrated via a...
Directory traversal
Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 a lang cookie or 2 the language parameter...
CVE-2007-2050
Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 a lang cookie or 2 the language parameter...
CVE-2007-2050
Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 a lang cookie or 2 the language parameter...
Directory traversal
Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log fil...