274 matches found

Prion
added 2007/06/20 9:30 p.m. | 21 views

Directory traversal

Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variabl...

CVSS 6.5 | AI score 7.8 | EPSS 0.01419
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2007/06/20 9:30 p.m. | 20 views

CVE-2007-3295

Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variabl...

CVSS 6.5 | AI score 7.3 | EPSS 0.01419
Exploits: 0 | References: 6

CVE
added 2007/06/20 9:0 p.m. | 61 views

CVE-2007-3295

YaBB 2.1 and earlier suffer a directory traversal vulnerability where remote authenticated users can execute arbitrary Perl code by manipulating the userlanguage profile setting; the userlanguage key is propagated to language variables across multiple YaBB scripts (HelpCentre.pl, ICQPager.pl, Sub...

CVSS 6.5 | AI score 7.3 | EPSS 0.01419
Exploits: 0 | References: 6 | Affected Software: 1

0day.today
added 2007/04/12 12:0 a.m. | 19 views

mxBB Module MX Shotcast 1.0 RC2 (getinfo1.php) RFI Exploit

Exploit for unknown platform in category web applications ========================================================== mxBB Module MX Shotcast 1.0 RC2 getinfo1.php RFI Exploit ========================================================== !/usr/bin/perl mxBB Module MX Shotcast 1.0 RC2 getinfo1.php Remo...

AI score 7.1
Exploits: 0

UbuntuCve
added 2007/02/08 10:28 p.m. | 32 views

CVE-2007-0669

Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files...

CVSS 4.6 | AI score 6.2 | EPSS 0.00375
Exploits: 0 | References: 1

Prion
added 2007/02/08 10:28 p.m. | 23 views

Design/Logic Flaw

Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files...

CVSS 4.6 | AI score 7.2 | EPSS 0.00375
Exploits: 0 | References: 9 | Affected Software: 1

Cvelist
added 2007/02/08 10:0 p.m. | 25 views

CVE-2007-0669

Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files...

AI score 6.9 | EPSS 0.00375
Exploits: 0 | References: 9

CVE
added 2007/02/08 10:0 p.m. | 48 views

CVE-2007-0669

CVE-2007-0669: Concrete details from the connected CERT/NVD entry show that TWiki 4.0.0–4.1.0 is affected by an arbitrary code execution vulnerability through CGI session files in the /tmp directory. An attacker who can create CGI session files may execute Perl code with the web server’s privileg...

CVSS 4.6 | AI score 6.9 | EPSS 0.00375
Exploits: 0 | References: 9 | Affected Software: 1

Tenable Nessus
added 2006/12/30 12:0 a.m. | 23 views

FreeBSD : sql-ledger -- multiple vulnerabilities (0679deeb-8eaf-11db-abc9-0003476f14d3)

The Debian security Team reports : Several remote vulnerabilities have been discovered in SQL Ledger, a web-based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : Chris Travers...

CVSS 7.5 | AI score 6.3 | EPSS 0.05734
Exploits: 4 | References: 4

NVD
added 2006/12/18 12:28 a.m. | 29 views

CVE-2006-5872

login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program...

CVSS 7.5 | AI score 7.2 | EPSS 0.01702
Exploits: 0 | References: 8

Tenable Nessus
added 2006/12/18 12:0 a.m. | 39 views

Debian DSA-1239-1 : sql-ledger - several vulnerabilities

Several remote vulnerabilities have been discovered in SQL Ledger, a web-based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4244 Chris Travers discovered that the...

CVSS 7.5 | AI score 6.3 | EPSS 0.05734
Exploits: 4 | References: 8

Cvelist
added 2006/12/18 12:0 a.m. | 37 views

CVE-2006-5872

login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program...

AI score 7.2 | EPSS 0.01702
Exploits: 0 | References: 8

CVE
added 2006/12/18 12:0 a.m. | 61 views

CVE-2006-5872

SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 are affected by an input sanitising vulnerability that allows remote attackers to execute arbitrary Perl code via the -e flag in the script parameter. This mirrors the CVE-2006-5872 issue described in the Debian advisory (DSA-1239-1) and OpenVAS...

CVSS 7.5 | AI score 7.2 | EPSS 0.01702
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2006/09/13 12:7 a.m. | 1 views

DEBIAN-CVE-2006-4731

Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash)...

CVSS 5 | AI score 8 | EPSS 0.05734
Exploits: 0 | References: 1

exploitpack
added 2006/08/01 12:0 a.m. | 18 views

Apple Mac OSX 10.4.7 (PPC) - fetchmail Local Privilege Escalation

Apple Mac OSX 10.4.7 PPC - fetchmail Local Privilege Escalation !/usr/bin/perl getpwnedmail.pl http://www.digitalmunition.com written by kf kflistsatdigitalmunitiondotcom This is a canibalized version of "Kansas City POP Daemon Version 0.0" - Copyright c 1999 David Nicol kevin-finisterres-mac-min...

AI score 0.5
Exploits: 0

Tenable Nessus
added 2006/07/31 12:0 a.m. | 34 views

TWiki configure Script Arbitrary Command Execution

The version of TWiki installed on the remote host uses an unsafe 'eval' in the 'bin/configure' script that can be exploited by an unauthenticated attacker to execute arbitrary Perl code subject to the privileges of the web server user id. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

CVSS 7.5 | AI score 6.1 | EPSS 0.04012
Exploits: 5 | References: 2

NVD
added 2006/07/27 1:4 a.m. | 14 views

CVE-2006-3819

Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF"...

CVSS 7.5 | AI score 7.7 | EPSS 0.04012
Exploits: 5 | References: 7

Cvelist
added 2006/07/27 1:0 a.m. | 22 views

CVE-2006-3819

Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF"...

AI score 7.7 | EPSS 0.04012
Exploits: 5 | References: 7

Tenable Nessus
added 2006/05/13 12:0 a.m. | 26 views

FreeBSD : awstats -- arbitrary code execution vulnerability (e86fbb5f-0d04-11da-bc08-0001020eed82)

An iDEFENSE Security Advisory reports : Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. The problem specifically exists because of insufficient input filtering before passing user-supplied data to an eval function. As part...

CVSS 5 | AI score 6.1 | EPSS 0.02665
Exploits: 0 | References: 4

Exploit DB
added 2006/04/17 12:0 a.m. | 28 views

FlexBB 0.5.5 - '/inc/start.php?_COOKIE' SQL Bypass

!/usr/bin/perl -w FlexBB : DONT FORGET TO DO YOUR CONFIG !! DONT FORGET TO DO YOUR CONFIG !! DONT FORGET TO DO YOUR CONFIG !! use IO::Socket; -- Start -- $host = "127.0.0.1"; $path = "/flexbb/"; -- END -- $host :- The Host Name Without http:// | exm. www.vic.com $path :- FlexBB Dir On Server | ex...

AI score 7.4
Exploits: 0