OneCMS 2.4 Remote SQL Injection / Upload Vulnerabilities
No description provided by source. WwW.BugReport.ir AmnPardaz Security Research Team Title: OneCMS Vulnerabilities Vendor: http://www.insanevisions.com Bugs: SQL Injection Authentication bypass , Arbitrary file upload! Vulnerable Version: 2.4 prior versions also may be affected Exploitation: Remo...
apache-mod-rewrite.rb.txt
require 'msf/core' module Msf class Exploits::Windows::Http::Apachemodrewrite 'Apache ModRewrite escapeabsoluteuri Off-By-One Buffer Overflow', 'Description' = %q This module exploits a off-by-one buffer overflow. RewriteRule must be enabled and rule must meets this criteria: beginning of the...
myphp30-sql.txt
This is a Public Exploit. Date: 03/01/2008 dd,mm,yyyy...
CVE-2007-6336
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file...
DEBIAN-CVE-2007-6336
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file...
CVE-2007-6336
CVE-2007-6336 is a ClamAV vulnerability (pre-0.92) caused by an off-by-one error when decompressing MS-ZIP CAB files. Remote attackers could execute arbitrary code by supplying a crafted CAB file. The issue is addressed by upgrading to ClamAV 0.92 or newer (per connected advisories noting fixes f...
kernel ieee80211 off-by-two integer underflow
Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two...
[SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
Debian Security Advisory DSA-1435-1 http://www.debian.org/security/ Moritz Muehlenhoff December 19, 2007 http://www.debian.org/security/faq ...
SuSE 10 Security Update : python (ZYPP Patch Number 3750)
This update fixes an off-by-one error in the PyLocale_strxfrm function which can lead to a memory leak. (CVE-2007-2052)
python off-by-one locale.strxfrm() (possible memory disclosure)
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due ...
[SECURITY] [DSA 1426-1] New qt-x11-free packages fix several vulnerabilities
Debian Security Advisory DSA-1426-1 http://www.debian.org/security/ Moritz Muehlenhoff December 08, 2007 http://www.debian.org/security/faq ...
seditio-sql.txt
= 4.1, magicquotesgpc=Off echo "------------------------------------------------------------\n"; echo "Seditio CMS - use specific prefix default sed\n"; echo "-id= - use specific user id default 1\n\n"; echo "examples:\n"; echo "php $argv0 http://site.com/ -p=cms\n"; echo "php $argv0...
Seditio CMS <= 121 Remote SQL Injection Exploit
Exploit for unknown platform in category web applications =============================================== Seditio CMS = 4.1, magicquotesgpc=Off echo "------------------------------------------------------------\n"; echo "Seditio CMS - use specific prefix default sed\n"; echo "-id= - use specific...
Seditio CMS 121 - SQL Injection
Seditio CMS 121 - SQL Injection = 4.1, magicquotesgpc=Off echo "------------------------------------------------------------\n"; echo "Seditio CMS - use specific prefix default sed\n"; echo "-id= - use specific user id default 1\n\n"; echo "examples:\n"; echo "php $argv0 http://site.com/ -p=cms\n...
Debian DSA-1407-1 : cupsys - buffer overflow
Alin Rad Pop discovered that the Common UNIX Printing System is vulnerable to an off-by-one buffer overflow in the code to process IPP packets, which may lead to the execution of arbitrary code. The cupsys version in the old stable distribution (sarge) is not vulnerable to arbitrary code execution...
tcpdump denial of service
Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based...
Wireshark corrupts the stack when inspecting BOOTP traffic
Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets...
Mandrake Linux Security Advisory : libpng (MDKSA-2007:217)
Multiple vulnerabilities were discovered in libpng: An off-by-one error when handling ICC profile chunks in the png_set_iCCP function (CVE-2007-5266; only affects Mandriva Linux 2008.0). George Cook and Jeff Phillips reported several errors in pngrtran.c, such as the use of logical instead of bitwis...