1151 matches found
SuSE 11.2 / 11.3 Security Update : jakarta-commons-fileupload (SAT Patch Numbers 8445 / 8446)
jakarta-commons-fileupload received a security fix : - A poison null byte flaw was found in the implementation of the DiskFileItem class. A remote attacker could able to supply a serialized instance of the DiskFileItem class, which would be deserialized on a server, could use this flaw to write...
CVE-2013-5688
Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 dot dot backslash encoded null byte in the file parameter in a 1 download or 2 getcontent action, or 3 upload arbitrary files via a ../%0...
DEBIAN-CVE-2013-2186
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
CVE-2013-2186
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
Design/Logic Flaw
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
CVE-2013-2186
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
PT-2013-1117 · Red Hat +3 · Red Hat Jboss Brms +5
Name of the Vulnerable Software and Affected Versions: Apache Commons FileUpload versions affected versions not specified Red Hat JBoss BRMS version 5.3.1 Red Hat JBoss Portal versions 4.3 CP07, 5.2.2, and 6.0.0 Red Hat JBoss Web Server version 1.0.2 Description: The issue affects the DiskFileIte...
commons-fileupload: Arbitrary file upload via deserialization
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
commons-fileupload: Arbitrary file upload via deserialization
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
Microweber 0.8 Arbitrary File Deletion
Advisory ID: HTB23175 Product: Microweber Vendor: Microweber Vulnerable Versions: 0.8 and probably prior Tested Version: 0.8 Advisory Publication: September 25, 2013 without technical details Vendor Notification: September 25, 2013 Vendor Patch: September 26, 2013 Public Disclosure: October 16,...
commons-fileupload: Arbitrary file upload via deserialization
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
commons-fileupload: Arbitrary file upload via deserialization
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
commons-fileupload: Arbitrary file upload via deserialization
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
php: hostname check bypassing vulnerability in SSL client
The opensslx509parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL...
PHP SSL Module "subjectAltNames"空字节处理安全绕过漏洞
Bugtraq ID:61776 PHP是一种HTML内嵌式的脚本语言 PHP SSL模块不正确处理服务器SSL证书中"subjectAltNames"通用名中的空字节,允许攻击者利用漏洞进行中间人攻击,获取敏感信息 0 PHP 5.3.27 PHP 5.4.17 PHP 5.5.1 厂商解决方案 用户可参考如下厂商提供的安全补丁以修复该漏洞: http://git.php.net/?p=php-src.git;a=commit;h=dcea4ec698dcae39b7bba6f6aa08933cbfee6755...
PT-2013-49: Null Byte Injection in Oracle Containers for J2EE
The specialists of the Positive Research center have detected a Null Byte Injection vulnerability in Oracle Containers for J2EE. Oracle Containers for J2EE does not properly handle a null byte in the path when transferring a request to another static page or a JSP script via pageContext.forward o...
HP Managed Printing Administration jobAcct Remote Command Execution
Exploit for windows platform in category remote exploits require 'msf/core' class Metasploit3 'HP Managed Printing Administration jobAcct Remote Command Execution', 'Description' = %q This module exploits an arbitrary file upload vulnerability on HP Managed Printing Administration 2.6.3 and befor...
HP Managed Printing Administration - jobAcct Remote Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'HP Managed Printing Administration...
HP Managed Printing Administration jobAcct Remote Command Execution
This Metasploit module exploits an arbitrary file upload vulnerability on HP Managed Printing Administration 2.6.3 and before. The vulnerability exists in the UploadFiles function from the MPAUploader.Uploader.1 control, loaded and used by the server. The function can be abused via directory...
HP Managed Printing Administration jobAcct Remote Command Execution
This module exploits an arbitrary file upload vulnerability on HP Managed Printing Administration 2.6.3 and prior versions. The vulnerability exists in the UploadFiles function from the MPAUploader.Uploader.1 control, loaded and used by the server. The function can be abused via directory travers...