6325 matches found
Firefly 1.1.01 - 'doc_root' Remote File Inclusion
firefly 1.1.01 = Remote File Include Vulnerablitiy D.Script: http://fresh.t-systems-sfr.com/unix/src/privat2/firefly-1.1.01.tar.gz Discovered by: Alkomandoz Hacker Homepage: asb-may.net & mohandko.com & sniper-sa.com & Tryag.com ====================================...
Remote file inclusion
PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System LMS 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter, a different vector than CVE-2007-1643...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supadbpath parameter to 1 commonfunctions.php, 2 adminauthcookies.php, 3 adminmods.php, 4 adminnews.php, 5 admintopics.php, 6 adminusers.php, 7...
Lms 1.5.x - 'RTMessageAdd.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/23611/info LMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also...
CVE-2007-2165
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as...
DEBIAN-CVE-2007-2165
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as...
CVE-2007-2165
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as...
CVE-2007-2165
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as...
ProFTPD AUTH多个验证模块安全绕过漏洞
proftpd是一款流行的开放源代码的FTP服务程序。 proftpd在AUTH API上存在一个错误,远程攻击者可以利用漏洞可以绕过安全限制,未授权访问。 由于FTP协议需要分开USER和PASS命令,ProFTPD独立的通过USER对用户数据进行检查,而当PASS接收到时对用户的验证进行校验。因此这些组合使ProFTPD允许多个同步Auth模块存在如modauthunix, modsql, modldap,可能导致某个验证模块提供用户数据modauthunix而另一个模块验证用户数据如modsql. 当验证模块modsql配置成使用底限制的验证策略,如: SQLAuthTypes...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 pub/modules/d/top.html; 2 /pub/modules/a/access.html;...
Web Slider 0.6 - 'path' Remote File Inclusion
Web Slider 0.6pathRemote File Inclusion Vulnerabilities D.Script: http://sourceforge.net/projects/webslider/ Discovered by: GolDM = Mahmoodali Homepage: http://Www.Tryag.Com/cc Exploit:Path/index.php?path=Shell Exploit:Path/modules/pdf.php?path=Shell Exploit:Path/plugins/highlight.php?path=Shell...
CVE-2007-1974
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section aka WF-Sections 1.0.1, as used in Xoops modules such as 1 Zmagazine 1.0, 2 Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via...
CVE-2007-1974
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section aka WF-Sections 1.0.1, as used in Xoops modules such as 1 Zmagazine 1.0, 2 Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via...
NullSoft WinAmp multiple security vulnerabilities
Multiple memory corruptions in different modules...
Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01
Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01 While developing one of our advanced security training modules, we identified a remotely exploitable buffer overflow vulnerability in the latest release of InterVetions' HTTP server NaviCopa 2.01. Successful exploitation of this...
MAMBO Modules SWmenu 4.0 (ImageManager.php) Remote File Include Vulnerabilities
MAMBO Modules SWmenu 4.0 ImageManager.php Remote File Include Vulnerabilities script : http://mamboxchange.com/frs/download.php/8109/comswmenufree4.0.zip file : /ImageManager/Classes/ImageManager.php Dork : index.php?option=comswmenupro Found by & Contact : Cold z3ro , [email protected] ,...
joomlamambo-rfi.txt
MAMBO Modules SWmenu 4.0 ImageManager.php Remote File Include Vulnerabilities script : http://mamboxchange.com/frs/download.php/8109/comswmenufree4.0.zip file : /ImageManager/Classes/ImageManager.php Dork : index.php?option=comswmenupro Found by & Contact : Cold z3ro , [email protected] ,...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the checkcsrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magicquotesgpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the 1 Projects, 2 Contacts, 3 Helpdesk, 4 Notes, 5 Search...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in PHProjekt 5.2.0, when magicquotesgpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the 1 Projects, 2 Contacts, 3 Helpdesk, 4 Search only Gecko engine driven Browsers, and 5 Notes...
CVE-2007-0450
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...