7494 matches found

CVE
added 2009/09/29 3:0 p.m. | 41 views

CVE-2009-3451

The CVE-2009-3451 entry describes a directory traversal vulnerability in RADactive I-Load’s WebCoreModule.ashx, affecting versions prior to 2008.2.5.0. The flaw enables remote attackers to read arbitrary files via unspecified vectors due to improper input handling in the WebCoreModule.ashx compon...

5 CVSS | 6.7 AI score | 0.00263 EPSS
Exploits 0 | References 5 | Affected Software 1

CVE
added 2009/09/29 3:0 p.m. | 37 views

CVE-2009-3447

CVE-2009-3447 describes an unrestricted file upload vulnerability in RADactive I-Load prior to 2008.2.5.0 that enables remote code execution by uploading a file with an executable extension and then requesting a predictable filename within a short window. Affected: RADactive I-Load (before 2008.2...

6.8 CVSS | 7.8 AI score | 0.0126 EPSS
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2009/09/29 3:0 p.m. | 13 views

CVE-2009-3452

WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to obtain sensitive information via unspecified requests that trigger responses containing the saved-image folder pathname...

6.2 AI score | 0.00357 EPSS
Exploits 0 | References 5

Cvelist
added 2009/09/29 3:0 p.m. | 16 views

CVE-2009-3447

Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during a short time window...

7.7 AI score | 0.0126 EPSS
Exploits 0 | References 5

Cvelist
added 2009/09/29 3:0 p.m. | 13 views

CVE-2009-3450

Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection...

5.3 AI score | 0.00532 EPSS
Exploits 0 | References 6

Cvelist
added 2009/09/29 3:0 p.m. | 13 views

CVE-2009-3451

Directory traversal vulnerability in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to read arbitrary files via unspecified vectors...

6.7 AI score | 0.00263 EPSS
Exploits 0 | References 5

CVE
added 2009/09/29 3:0 p.m. | 45 views

CVE-2009-3452

The CVE-2009-3452 entry concerns WebCoreModule.ashx in RADactive I-Load prior to version 2008.2.5.0. The vulnerability allows remote attackers to obtain sensitive information via requests that trigger responses containing the path to the saved-image folder. The available connected documents corro...

5 CVSS | 6.2 AI score | 0.00357 EPSS
Exploits 0 | References 5 | Affected Software 1

Tenable Nessus
added 2009/09/24 12:0 a.m. | 42 views

SuSE9 Security Update : ruby (YOU Patch Number 12452)

This update for ruby fixes the following security issues : - Improve return value checks for OpenSSL function OCSP_basic_verify to refuse usage of revoked certificates. (CVE-2009-0642) - Increase entropy of DNS identifiers to avoid spoofing attacks. (CVE-2008-3905) - Fix denial of service (DoS)...

7.8 CVSS | 5.2 AI score | 0.7933 EPSS
Exploits 32 | References 16

seebug.org
added 2009/09/22 12:0 a.m. | 25 views

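RADactive I-Load Multiple Information Disclosure and Code Execution Vulnerabilities

I-Load is an ASP.NET component used to manage image uploads in ASP.NET applications. Multiple security vulnerabilities exist in the I-Load component that allow remote attackers to disclose sensitive information, perform cross-site scripting, or compromise a vulnerable system. 1) The WebCoreModule.ashx script displays the absolute path of the saved-image folder in certain requests and responses. 2) Most parameters used by WebCoreModule.ashx begin with two underscore characters, which disables the built-in ASP.NET cross-site scripting protection. Some parameters are not sufficiently filtered, allowing arbitrary JavaScript to be injected into the response. 3) A directory traversal vulnerability in WebCoreModule.ashx allows attackers to read arbitrary files on the server, including configuration files, application source code, and so on. 4)...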

7.1 AI score
Exploits 0

RedHat Linux
added 2009/09/21 3:51 p.m. | 2 views

tomcat6 Denial-Of-Service with AJP connection

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of...

5 CVSS | 6.2 AI score | 0.13832 EPSS
Exploits 1 | References 4

securityvulns
added 2009/09/17 12:0 a.m. | 68 views

SEC Consult SA-20090917-0 :: RADactive I-Load Multiple Vulnerabilities

SEC Consult Security Advisory 20090917-0 ======================================================================= title: Multiple Vulnerabilities in RADactive I-Load products: RADactive I-Load vulnerable version: = I-Load 2008.2.4.0 fixed version: I-Load 2008.2.5.0 impact: critical homepage:...

Exploits 0

Cent OS
added 2009/09/15 6:44 p.m. | 64 views

rgmanager security update

CentOS Errata and Security Advisory CESA-2009:1339 An updated rgmanager package that fixes multiple security issues, various bugs, and adds enhancements is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team...

6.9 CVSS | 5.9 AI score | 0.00075 EPSS
Exploits 0 | References 7

Packet Storm
added 2009/09/11 12:0 a.m. | 19 views

Image Voting 1.0 SQL Injection

Image voting 1.0 Remote Sql injection AuTh0r : SKuLL-HacKeR H0ME : WwW.Sec-Best.com & Saudihack.com & S3curity-Art.CoM Email : [email protected] download script : http://www.plohni.com/wb/content/static/Download.php?file=../php/download/Imagevoting1-0.zip exploit :...

0.5 AI score
Exploits 0

Oracle linux
added 2009/09/08 12:0 a.m. | 35 views

rgmanager security, bug fix, and enhancement update

2.0.52-1.0.1 - Update summary and description to be vendor neutral 2.0.52-1 - When vm.sh does a status check and gets 'no state' it is now treated as a running state. - Resolves: rhb514044 2.0.51-1 - In some cases virtual machines will be restarted after a successful migration when the cluster...

6.9 CVSS | 0.6 AI score | 0.00075 EPSS
Exploits 0

RedHat Linux
added 2009/09/02 8:0 a.m. | 27 views

Low: Red Hat Security Advisory: rgmanager security, bug fix, and enhancement update

An updated rgmanager package that fixes multiple security issues, various bugs, and adds enhancements is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. The rgmanager package contains the Red Hat Resourc...

6.9 CVSS | 5.9 AI score | 0.00075 EPSS
Exploits 0 | References 25

ATTACKERKB
added 2009/08/27 8:30 p.m. | 3 views

CVE-2008-7102

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...

7.5 CVSS | 5.8 AI score | 0.00675 EPSS
Exploits 0 | References 6

seebug.org
added 2009/08/24 12:0 a.m. | 11 views

KSP 2006 FINAL ( .M3U) Universal Local Buffer Exploit (SEH)

No description provided by source. !/usr/bin/perl by hack4love [email protected] KSP 2006 FINAL .M3U Universal Local Buffer Exploit SEH http://download.cnet.com/KSP/3000-21394-10540099.html?tag=mncol easy this work sooooooooo good USEKSPPLAYLISTLOADHACK4LOVE.M3U BOOM CALC INFO::WE HAVE ONLEY...

7.1 AI score
Exploits 0

exploitpack
added 2009/08/24 12:0 a.m. | 10 views

KSP 2006 FINAL - .m3u Universal Local Buffer (SEH)

KSP 2006 FINAL - .m3u Universal Local Buffer SEH !/usr/bin/perl by hack4love [email protected] KSP 2006 FINAL .M3U Universal Local Buffer Exploit SEH http://download.cnet.com/KSP/3000-21394-10540099.html?tag=mncol easy this work sooooooooo good USEKSPPLAYLISTLOADHACK4LOVE.M3U BOOM CALC INFO::...

0.8 AI score
Exploits 0

0day.today
added 2009/08/18 12:0 a.m. | 18 views

Xenorate Media Player 2.6.0.0 (.xpl) Universal Local Buffer Exploit (SEH)

Exploit for unknown platform in category local exploits ========================================================================= Xenorate Media Player 2.6.0.0 .xpl Universal Local Buffer Exploit SEH ========================================================================= !/usr/bin/perl by...

6.8 AI score
Exploits 0

RedHat Linux
added 2009/07/21 8:50 p.m. | 1 views

tomcat6 Denial-Of-Service with AJP connection

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of...

5 CVSS | 6.2 AI score | 0.13832 EPSS
Exploits 1 | References 4