15 matches found
EUVD-2002-0459
Malware in sbrugna...
Nuked-klaN <= 1.7.7 / <= SP4.4 - Multiple Vulnerabilities Exploit
No description provided by source. <?php Name: Nuked-klaN <= 1.7.7 and <= SP4.4 Multiple Vulnerabilities Exploit Credits: Charles FOL charlesfolathotmail.fr URL: http://real.o-n.fr/ Date: 14/10/2008 Special thanks to Louis for remembering me I had to finish it = VULNERABILITY DETAILS...
Nuked-klaN 1.7.7 SP4.4 - Multiple Vulnerabilities
Nuked-klaN 1.7.7 SP4.4 - Multiple Vulnerabilities URL: http://real.o-n.fr/ Date: 14/10/2008 Special thanks to Louis for remembering me I had to finish it = VULNERABILITY DETAILS --------------------- Nuked-klaN suffers from a vulnerability due to HTTP_REFERER, which is not correctly filtered befor...
Nuked-klaN 1.7.7 / SP4.4 - Multiple Vulnerabilities
URL: http://real.o-n.fr/ Date: 14/10/2008 Special thanks to Louis for remembering me I had to finish it = VULNERABILITY DETAILS --------------------- Nuked-klaN suffers from a vulnerability due to HTTP_REFERER, which is not correctly filtered before being inserted in nukedstatsvisitor table. If HT...
Remote Command Execution
A critical problem has been discovered in plugin class.txrtehtmlareapi1.php that is used for spell-checking in the rtehtmlarea extension. Component Type: System Extension TYPO3 Versions 4.0-4.0.3, 4.1beta Third Party Extension TYPO3 Versions up to 3.8.1. Since TYPO3 Version 4.0 the extension is...
GLSA-200412-19 : phpMyAdmin: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200412-19 (phpMyAdmin: Multiple vulnerabilities). Nicolas Gregoire (exaprobe.com) has discovered two vulnerabilities that exist only on a webserver where PHP safe_mode is off. These vulnerabilities could lead to command execution or fil...
phpMyAdmin: Multiple vulnerabilities
Background: phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description: Nicolas Gregoire (exaprobe.com) has discovered two vulnerabilities that exist only on a webserver where PHP safe_mode is off. These vulnerabilities could lead to...
CVE-2002-0462
bigsamguestbook.php for Big Sam Built-In Guestbook Stand-Alone Module 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error...
CVE-2002-0462
bigsamguestbook.php for Big Sam Built-In Guestbook Stand-Alone Module 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error...
move_uploaded_file breaks safe_mode restrictions in PHP
Hey, it's possible to circumvent (probably spelled wrong) PHP safe_mode restrictions by using move_uploaded_file. You take this nasty script and you have domain whatever.com and your directory path is /domains/whatever.com/ <? $file = $HTTP_POST_FILES['file']['name']; $type = $HTTP_POST_FILES['file']['type']; $size ...
PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention (2)
...
PHP 4.x/5.x MySQL Library - Safe_mode Filesystem Circumvention (1)
PHP 4.x/5.x MySQL Library - Safe_mode Filesystem Circumvention (1) <?php / source: https://www.securityfocus.com/bid/4026/info PHP's 'safe_mode' feature may be used to restrict access to certain areas of a filesystem by PHP scripts. However, a problem has been discovered that may allow an attacker to...
PHP 4.x/5.x MySQL Library - Safe_mode Filesystem Circumvention (3)
PHP 4.x/5.x MySQL Library - Safe_mode Filesystem Circumvention (3) options(MYSQLI_OPT_LOCAL_INFILE, 1); $m->set_local_infile_handler("r"); $m->query("LOAD DATA LOCAL INFILE '/etc/passwd' INTO TABLE a.a"); $m->close(); ?>...
PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention (1)
<?php / source: https://www.securityfocus.com/bid/4026/info PHP's 'safe_mode' feature may be used to restrict access to certain areas of a filesystem by PHP scripts. However, a problem has been discovered that may allow an attacker to bypass these restrictions to gain unauthorized access to areas o...
security vulnerability in chuid
Chuid contained two fatal bugs, the first allowing a user to change the uid of files outside of the designated upload directory by using '..', the second allowing a user to change root owned files as well as webserver owned files. Given the combination of these two, it is imperative that people usin...