Directory traversal

Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the 1 tmpid parameter to websitebuilder/showtemplateimage.php, 2 fname parameter to admin/downloadfile.php, or 3 id parameter to support/admin/csvdownload.php; or ...

FileMaster SY-IT 3.1 iOS - Multiple Web Vulnerabilities

FileMaster SY-IT 3.1 iOS - Multiple Web Vulnerabilities Document Title: =============== FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1170 Release Date: ============= 2013-12-16 Vulnerability...

[ike-scan] Discover & Fingerprint IKE Hosts (IPsec VPN Servers)

ike-scan discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern. ike-scan can perform the following functions: Discovery Determine which hosts in a given IP range are running IKE. This is done by displaying those hosts which respond to the IKE requests sent by...

AZL-34238 CVE-2013-6381 affecting package kernel for versions less than 5.15.148.2-2

Buffer overflow in the qethsnmpcommand function in drivers/s390/net/qethcoremain.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer...

UBUNTU-CVE-2013-6381

Buffer overflow in the qethsnmpcommand function in drivers/s390/net/qethcoremain.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer...

OTRS < 2.4.8 Race Condition Data Corruption Vulnerability

Open Ticket Request System OTRS is prone to a data corruption vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

aSc Timetables 2013 - Local Stack Buffer Overflow

!/usr/bin/python Title : ASC Timetables 2013 - Stack Buffer Overflow Vulnerability Researcher : Souhail Hammou Dark-Puzzle Research Team : http://itsecurity.ma Facebook : http://www.facebook.com/dark.puzzle.sec Date : 22/06/2013 Download Website : www.asctimetables.com/downloaden.html Software...

aSc Timetables 2013 - Local Stack Buffer Overflow

aSc Timetables 2013 - Local Stack Buffer Overflow !/usr/bin/python Title : ASC Timetables 2013 - Stack Buffer Overflow Vulnerability Researcher : Souhail Hammou Dark-Puzzle Research Team : http://itsecurity.ma Facebook : http://www.facebook.com/dark.puzzle.sec Date : 22/06/2013 Download Website :...

kernel: kvm: missing check in kvm_set_memory_region()

The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted...

Buffer overflow

Multiple buffer overflows in IBM Tivoli Netcool System Service Monitors SSM and Application Service Monitors ASM 4.0.0 before FP14 and 4.0.1 before FP1 allow context-dependent attackers to execute arbitrary code or cause a denial of service via a long line in 1 hrfstable.idx, 2 hrdevice.idx, 3...

java-1_7_0-openjdk: update to 2.3.6 (critical)

java-170-openjdk was updated to icedtea-2.3.6 bnc803379 containing various security and bugfixes: Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at constructi...

QQ bypass the main display account add vulnerability-vulnerability warning-the black bar safety net

Brief description: Should be QQ again and yet another to bypass the main display account add friends bug,you can add some set to:only by the main display account to find the user. But the condition is the need for space is set to a non-any people inside. But now most of the users in order to...

ike-version NSE Script

Obtains information such as vendor and device type where available from an IKE service by sending four packets to the host. This scripts tests with both Main and Aggressive Mode and sends multiple transforms per request. Example Usage nmap -sU -sV -p 500 nmap -sU -p 500 --script ike-version Scrip...

The movable section(dkcms)vulnerability-vulnerability warning-the black bar safety net

The main is almost 3 versions of main, v2. 0 v3. 1 v4. 2 Google keyword: powered by dkcms The website turned out to find the source code download, Baidu, download this 3 source code, as is the asp source code, mostly to look at the default database, what are the three default database V2. 0...

PHP 5.4.0RC2-5.4.0 'main/SAPI.c' HTTP标头注入漏洞

BUGTRAQ ID: 55527 CVE ID: CVE-2012-4388 PHP是一种HTML内嵌式的语言，PHP与微软的ASP颇有几分相似，都是一种在服务器端执行的嵌入HTML文档的脚本语言，语言的风格有类似于C语言，现在被很多的网站编程人员广泛的运用。 PHP 5.4.0RC2-5.4.0版本的main/SAPI.c内sapiheaderop函数在检查%0D序列时没有正确确定指针，可允许远程攻击者通过特制的URL绕过HTTP响应分离保护机制，该URL相关PHP标头函数和某些浏览器直接的不恰当交互。 0 PHP 5.4.0RC2-5.4.0 厂商补丁： PHP ---...

Mandriva Linux Security Advisory : libreoffice (MDVSA-2011:172)

Multiple vulnerabilies has been discovered and corrected in libreoffice : Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file CVE-2011-2685. oowriter in OpenOffice.org 3.3.0 and...

DEBIAN-CVE-2012-2698

Cross-site scripting XSS vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Mainpage...

Csound util/lpci_main.c main() Function Multiple Buffer Overflows

The version of Csound installed on the remote Windows host is less than 5.17.2. As such, it is reportedly affected by a stack- and a heap-based buffer overflow present in the util/lpcimain.c main function. By tricking a user into opening a specially crafted file, an attacker may be able to execut...

Link Up Gold CSRF Vulnerability

Exploit for php platform in category web applications Exploit Title: Link Up Gold CSRF Author: Jonturk75 Category:: webapps Demo : http://demo.scripts-gate.com/LinkUpGold/administration Greetz: Inj3ct0r Exploit DataBase 1337day.com 0day.today 2018-04-14...

initscripts: IPSec ifup script allows for aggressive IKE mode

The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key PSK hash...