Local File Inclusion in CMS Source

Vulnerability ID: HTB22552 Reference: http://www.htbridge.ch/advisory/localfileinclusionincmssource1.html Product: CMS Source Vendor: Proud Daddy Web Design http://www.prouddaddy.net/ Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010...

apr-util single NULL byte buffer overflow

Off-by-one error in the aprbrigadevprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service application crash via crafted input...

Особенности реализации PHP include.

Особенности реализации PHP Include. Введение. В данной заметке, я попытался объединить в одном месте все фичи, найденные в последнее время и позволяющие повысить эффективность атаки на основе PHP Include. Основы. Внедрение PHP-кода PHP Include — это уязвимость, заключающаяся в возможности внедрен...

CVE-2010-2333

LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension...

Litespeed Technologies - Web Server Remote Poison Null Byte

Litespeed Technologies - Web Server Remote Poison Null Byte Litespeed Technologies Web Server Remote Poison null byte Zero-Day discovered and exploited by Kingcope in June 2010 google gives me over 9million hits Example exploit session: %nc 192.168.2.19 80 HEAD / HTTP/1.0 HTTP/1.0 200 OK Date: Su...

Joomla component SimpleDownload Local File Inclusion

No description provided by source. A vulnerability has been found in the downloader component for Joomla. It can be exploited in various ways - from sensitive information disclosure to remote code execution. Input passed to controller is not properly sanitized, allowing attacker to inject php cod...

Joomla Simple Downloader 0.9.5 Local File Inclusion / Command Execution

--Description-- A vulnerability has been found in the downloader component for Joomla. It can be exploited in various ways - from sensitive information disclosure to remote code execution. Input passed to controller is not properly sanitized, allowing attacker to inject php code via Local File...

Joomla component SimpleDownload Local File Inclusion

--Description-- A vulnerability has been found in the downloader component for Joomla. It can be exploited in various ways - from sensitive information disclosure to remote code execution. Input passed to controller is not properly sanitized, allowing attacker to inject php code via Local File...

Edimax AR-7084GA Router - Cross-Site Request Forgery / Persistent Cross-Site Scripting

25 die"One or more of the parts can't be longer then 25 characters!"; $url="http://".$SERVER"SERVERNAME".$SERVER"REQUESTURI"; for$i=1; $i'; die; else $time=$GET"time"; $script=$GET"script"; ? /Forms/advnatvirsvr1" name="VIRTUALSVRform" input type="hid...

Design/Logic Flaw

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March...

Debian DSA-1904-1 : wget - insufficient input validation

Daniel Stenberg discovered that wget, a network utility to retrieve files from the Web using HTTPS and FTP, is vulnerable to the 'Null Prefix Attacks Against SSL/TLS Certificates' published at the Blackhat conference some time ago. This allows an attacker to perform undetected man-in-the-middle...

Miniweb 2.0 - Full Path Disclosure

Miniweb 2.0 - Full Path Disclosure Miniweb 2.0 Full Path Disclosure Name Miniweb 2.0 Vendor http://www.miniweb2.com Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2009-12-12 X. INDEX I. ABOUT THE APPLICATION II...

CVE-2009-4090

Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte...

Unrestricted file upload

Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte...

CVE-2009-4090

Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte...

Oscailt 3.3 Local File Inclusion

0 Oscailt 3.3 CMS 0 Download: http://sourceforge.net/projects/oscailt/ 0 Bug: Local File Inclusion in index.php file ! 0 Author: [email protected] 0 Team: Fatal Error 0 Poc: http://www.site.com/index.php?objid=/../../../../../../../../../../proc/self/environ%00 0...

Microsoft CryptoAPI certificate spoofing

Certificate name spoofing with NULL byte...

neon: Improper verification of x509v3 certificate with NULL (zero) byte in certain fields

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...

Code injection

Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte %00 in the login parameter in an ajout action, which bypasses the regular expression check...

CVE-2008-7123

Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte %00 in the login parameter in an ajout action, which bypasses the regular expression check...