Lucene search
K

3758 matches found

Exploit DB
Exploit DB
added 2004/07/14 12:0 a.m.45 views

PHP 4.x/5.0 - 'Strip_Tags()' Function Bypass

source: https://www.securityfocus.com/bid/10724/info It is reported that it is possible to bypass PHPs striptags function. It is reported that under certain circumstances, PHPs striptags function will improperly leave malformed tags in place. This vulnerability may mean that previously...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/10/01 12:0 a.m.91 views

DCP Portal - 5.5 holes

Never use this product if you have turned off magicquotesgpc. And this product won't work anyway if you have turned off registerglobals. All the files in the product, dont check for integrity of variables. You can easily exploit this using some SQL Injection techniques. For example, if you want t...

8.6AI score
Exploits0
CERT
CERT
added 2003/07/18 12:0 a.m.37 views

Weaknesses in MIT magic cookie and XDM X Windows authorization

Overview MIT magic cookie and XDM authorization contain vulnerabilities that could allow remote attackers to connect to X displays. Description Two widely used X Window System authorization schemes have weaknesses in their sample implementations. MIT-MAGIC-COOKIE-1 On some systems built without t...

7.3AI score
Exploits0
NVD
NVD
added 2003/07/02 4:0 a.m.14 views

CVE-2003-0391

Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in the PASS command...

7.5CVSS7.8AI score0.03522EPSS
Exploits0References2
exploitpack
exploitpack
added 2003/06/11 12:0 a.m.9 views

Winmail Mail Server 2.3 Build 0402 - Remote Format String

Winmail Mail Server 2.3 Build 0402 - Remote Format String / Magic Winmail Server 2.3Build 0402 Remote Format string exploit. Coded by ThreaT. This one take advantage of a format bug in the SMTP protocol smtp port + The command to execute cannot exceed 90 characters + compile : cl.exe mwmxploit.c ...

0.3AI score
Exploits0
Cvelist
Cvelist
added 2003/06/10 4:0 a.m.17 views

CVE-2003-0391

Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in the PASS command...

7.8AI score0.03522EPSS
Exploits0References2
exploitpack
exploitpack
added 2003/05/23 12:0 a.m.14 views

Magic Winmail Server 2.3 USER POP3 - Command Format String

Magic Winmail Server 2.3 USER POP3 - Command Format String // source: https://www.securityfocus.com/bid/7667/info A format string vulnerability has been reported for Magic Winmail Server when processing the USER POP3 command. An attacker may exploit this vulnerability by connecting to the...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2003/05/23 12:0 a.m.42 views

Magic Winmail Server format string bug

Format string bug during POP3 logging...

1.7AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2003/05/23 12:0 a.m.29 views

Magic Winmail Server v.2.*: format string

-----BEGIN PGP SIGNED MESSAGE----- Damage Hacking Group security advisory www.dhgroup.org Product: Magic Winmail Server Auth: AMAX Information Technologies Inc. www.magicwinmail.net Vulnerable versions: v.2. founded in 2.3 Vulnerability: format string...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2003/05/23 12:0 a.m.30 views

Magic Winmail Server 2.3 USER POP3 - Command Format String

// source: https://www.securityfocus.com/bid/7667/info A format string vulnerability has been reported for Magic Winmail Server when processing the USER POP3 command. An attacker may exploit this vulnerability by connecting to the vulnerable mail server and issuing the USER command with malicious...

7AI score
Exploits0
NVD
NVD
added 2003/04/22 4:0 a.m.12 views

CVE-2002-1482

SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magicquotesgpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry...

10CVSS8.2AI score0.03679EPSS
Exploits1References3
CVE
CVE
added 2003/04/02 5:0 a.m.38 views

CVE-2002-0287

The vulnerability affects Powie PHP Forum versions prior to 1.15. The root cause is that PHP magic_quotes is not explicitly enabled by default, enabling an attacker to bypass authentication and gain administrator privileges via an SQL injection when the PHP server is not configured to use magic q...

10CVSS8.6AI score0.02427EPSS
Exploits0References4Affected Software1
Packet Storm
Packet Storm
added 2003/03/10 12:0 a.m.32 views

phpnuke60.txt

Informations : °°°°°°°°°°°°°° Language : PHP Website : http://www.phpnuke.org Versions : 6.0 & 6.5? Modules : MembersList, YourAccount Problem : SQL Injection PHP Configuration : This will work if magicquotesgpc=OFF. PHP Code/Location : °°°°°°°°°°°°°°°°°°° /modules/MembersList/index.php :...

7.4AI score
Exploits0
NVD
NVD
added 2003/02/19 5:0 a.m.22 views

CVE-2002-1160

The default configuration of the pamxauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su...

7.2CVSS6.5AI score0.00431EPSS
Exploits0References9
NVD
NVD
added 2002/12/31 5:0 a.m.14 views

CVE-2002-1969

Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial of service crash via an invalid username during login...

5CVSS6.7AI score0.01227EPSS
Exploits0References2
securityvulns
securityvulns
added 2002/09/10 12:0 a.m.31 views

phpGB: mysql injection bug

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ppp-design found the following mysql-injection-bug in phpGB: Details - ------- Product: phpGB Affected Version: 1.20 and maybe all versions before Immune Version: 1.40 OS affected: all OS with php Vendor-URL: http://www.walzl.net Vendor-Status:...

0.2AI score
Exploits0
CERT
CERT
added 2002/08/05 12:0 a.m.15 views

Magic Enterprise contains multiple shell scripts that allow arbitrary file overwriting via symlink redirection of temporary file

Overview Some versions of Magic eDeveloper Enterprise Edition contain a symbolic-link vulnerability that allows attackers to overwrite data or execute arbitrary commands. Description Magic eDeveloper is a development environment for large-scale and distributed applications.Magic eDeveloper...

8AI score
Exploits0References1
securityvulns
securityvulns
added 2002/07/13 12:0 a.m.48 views

Several problems in CARE 2002

Several problems in CARE 2002 ------------------------------------- What is CARE 2002? CARE 2002 is a free software package for hospitals. It's based on php + mysql. For further information visit http://www.care2x.com/. include + NULL problem Problem description There are several include statemen...

6.7AI score
Exploits0
NVD
NVD
added 2002/07/03 4:0 a.m.15 views

CVE-2002-0536

PHPGroupware 0.9.12 and earlier, when running with the magicquotesgpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack...

7.5CVSS7.5AI score0.02506EPSS
Exploits1References5
NVD
NVD
added 2002/05/31 4:0 a.m.21 views

CVE-2002-0287

pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default...

10CVSS8.1AI score0.02427EPSS
Exploits0References4
Rows per page
Query Builder