FrontAccounting 'attachments.php'任意文件上传漏洞

Bugtraq ID:66217 FrontAccounting FA是一个针对企业ERP供应链的网页会计系统。 FrontAccounting /admin/attachments.php脚本存在安全漏洞，允许攻击者上传使用恶意扩展名的文件，并以WEB权限执行。 0 FrontAccounting 2.x FrontAccounting 2.3.20已经修复该漏洞，建议用户下载更新： http://frontaccounting.com...

GLSA-201010-01 : Libpng: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201010-01 Libpng: Multiple vulnerabilities Multiple vulnerabilities were found in libpng: The pngdecompresschunk function in pngrutil.c does not properly handle certain type of compressed data CVE-2010-0205 A buffer overflow in...

80sec members kevin found the IIS 6.0 0day vulnerabilities-vulnerability warning-the black bar safety net

This two-day blended really not easy Ah, a wave of linux udev just finished processing, here comes a wave of IIS 6 vulnerabilities. 8 5 After engage the safety to engage the relatively good also so a few, 80sec kevin was one, young promising Ah. This vulnerability, scratch no Ding, reproduced in...

WikiWebWeaver Index.PHP任意文件上传漏洞

WikiWebWeaver是一款基于PHP的WIKI程序。 WikiWebWeaver不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞提交任意文件，造成以WEB权限执行。 问题是'index.php'脚本对用户提交的WEB参数缺少过滤，可导致提交任意PHP文件，攻击者借此可以WEB权限执行。 WikiWebWeaver WikiWebWeaver 1 beta 2 http://wikiwebweaver-devel.teuwen.org:8080/wiki/index.php?l=FR&display=QuoiDeNeufFR...