1151 matches found
Quick Polls - Local File Inclusion / Deletion
'Quick Polls' Local File Inclusion & Deletion Vulnerabilities CVE-2011-1099 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Two vulnerabilities exist in 'Quick Polls' providing local file inclusion & local file deletion due to null-byte attacks...
Multiple Vulnerabilities in ReOS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ReOS which could be exploited to perform SQL injection attacks and compromise vulnerable system. 1 SQL injection vulnerabilities in ReOS 1.1 The vulnerability exists due to input sanitation errors in the...
Multiple Vulnerabilities in Podcast Generator
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Podcast Generator which could be exploited to perform cross-site scripting attacks, disclose potentially sensitive information and compromise vulnerable system. 1 Cross-site scripting vulnerability in Podcast...
Oracle Beehive voice-servlet Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Beehive. Authentication is not required to exploit this vulnerability. The specific flaw exists within 'voice-servlet/prompt-qa/Index.jspf'. During the creation of a file used for storing an...
Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Database 11g. Authentication is not required to exploit this vulnerability. The specific flaw exists within a JSP script exposed via an HTTPS server running by default on TCP port 1158. The...
FreeBSD : php -- NULL byte poisoning (3761df02-0f9c-11e0-becc-0022156e8794)
PHP-specific version of NULL-byte poisoning was briefly described by ShAnKaR : Poison NULL byte vulnerability for perl CGI applications was described in 1. ShAnKaR noted, that same vulnerability also affects different PHP applications. PHP developers report that branch 5.3 received a fix : Paths...
php -- NULL byte poisoning
PHP-specific version of NULL-byte poisoning was briefly described by ShAnKaR: Poison NULL byte vulnerability for perl CGI applications was described in 1. ShAnKaR noted, that same vulnerability also affects different PHP applications. PHP developers report that branch 5.3 received a fix: Paths wi...
'Pulse CMS Basic' Local File Inclusion Vulnerability (CVE-2010-4330)
'Pulse CMS Basic' Local File Inclusion Vulnerability CVE-2010-4330 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the 'includes/controller.php' script that allows for arbitrary local file inclusion due to a null-byte...
Pulse CMS Basic Local File Inclusion Vulnerability
Exploit for php platform in category web applications ================================================== Pulse CMS Basic Local File Inclusion Vulnerability ================================================== I. DESCRIPTION --------------------------------------- A vulnerability exists in the...
Pulse CMS Basic 1.2.8 Local File Inclusion
'Pulse CMS Basic' Local File Inclusion Vulnerability CVE-2010-4330 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the 'includes/controller.php' script that allows for arbitrary local file inclusion due to a null-byte...
Pulse CMS Basic - Local File Inclusion
Pulse CMS Basic - Local File Inclusion 'Pulse CMS Basic' Local File Inclusion Vulnerability CVE-2010-4330 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the 'includes/controller.php' script that allows for arbitrary local...
Pulse CMS Basic - Local File Inclusion
'Pulse CMS Basic' Local File Inclusion Vulnerability CVE-2010-4330 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the 'includes/controller.php' script that allows for arbitrary local file inclusion due to a null-byte...
Unfixed XSS vulnerability at www.mdap.co.uk
Security researcher Null Byte Krew, has submitted on 20/11/2010 a cross-site-scripting XSS vulnerability affecting www.mdap.co.uk, which at the time of submission ranked 25615825 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/12/2011. It is...
[FLOCK-SA-2010-03] Flock Browser: javascript: url with a leading NULL byte can bypass cross origin protection (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FLOCK-SA-2010-03 http://flock.com/security/ Title: javascript: url with a leading NULL byte can bypass cross origin protection XSS Impact: High Announced on: 2010-09-09 Affected Products: Flock 3 versions prior to 3.0.0.4112 CVEs cve.mitre.org:...
vbShout 5.2.2 Remote / Local File Inclusion
Title: vbShout 5.2.2 Remote/Local File Inlcusion Mod/Admin + Author: fred777 - fred777.5x.to + Link: http://www.dragonbyte-tech.com/vbecommerce.php?do=purchase&act=product&id=2 + Vuln: vbshout.php?do=path/fileNULL-Byte + Greetzz to: SceneCoderz + Contact: [email protected] + -- Vuln...
vbShout 5.2.2 Remote/Local File Inlcusion Vulnerability
Exploit for php platform in category web applications ======================================================= vbShout 5.2.2 Remote/Local File Inlcusion Vulnerability ======================================================= + + Title: vbShout 5.2.2 Remote/Local File Inlcusion Mod/Admin + Author:...
vbShout 5.2.2 - Local/Remote File Inclusion
Title: vbShout 5.2.2 Remote/Local File Inlcusion Mod/Admin + Author: fred777 - fred777.5x.to + Link: http://www.dragonbyte-tech.com/vbecommerce.php?do=purchase&act=product&id=2 + Vuln: vbshout.php?do=path/fileNULL-Byte + Greetzz to: SceneCoderz + Contact: [email protected] + -- Vuln...
Local File Inclusion in TCMS
Vulnerability ID: HTB22573 Reference: http://www.htbridge.ch/advisory/localfileinclusionintcms.html Product: TCMS Vendor: Target CMS http://targetcms.com/ Vulnerable Version: 100728 and Probably Prior Versions Vendor Notification: 09 August 2010 Vulnerability Type: Local File Inclusion Status: No...
10kCMS File Disclosure Vulnerability
Exploit for php platform in category web applications ==================================== 10kCMS File Disclosure Vulnerability ==================================== Author: pimpim Software Link: http://www.10kcms.com/?page=download Version: 1.0 Category: webapps Google dork: Generated by 10kCMS...
Local File Inclusion in CMS Source
Vulnerability ID: HTB22545 Reference: http://www.htbridge.ch/advisory/localfileinclusionincmssource.html Product: CMS Source Vendor: Proud Daddy Web Design http://www.prouddaddy.net/ Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010...