74 matches found
Fedora Update for mantis FEDORA-2013-5801
Check for the Version of mantis OpenVAS Vulnerability Test Fedora Update for mantis FEDORA-2013-5801 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
[SECURITY] Fedora 18 Update: mantis-1.2.15-1.fc18
Mantis is a free popular web-based issue tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a web server. Almost any web browser should be able to function as a client. Documentation can be found in: /usr/share/doc/mantis-1.2.15...
[SECURITY] Fedora 18 Update: mantis-1.2.14-1.fc18
Mantis is a free popular web-based issue tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a web server. Almost any web browser should be able to function as a client. Documentation can be found in: /usr/share/doc/mantis-1.2.14...
Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20120627)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...
Fedora Update for php FEDORA-2012-7586
Check for the Version of php OpenVAS Vulnerability Test Fedora Update for php FEDORA-2012-7586 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...
PHP CGI Query String Parameters Command Execution
Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...
PHP 5.3.8 Released, Fixes Crypto Bug
A day after warning users about a serious bug in the cryptographic function in PHP 5.3.7 and telling them not to upgrade to that release, the maintainers of the scripting language pushed out version 5.3.8, which fixes the crypto problem as well as another security related issue. PHP 5.3.7, which...
Serious Crypto Bug Found in PHP 5.3.7
The maintainers of the PHP scripting language are warning users about a serious crypto problem in the latest release and advising them not to upgrade to PHP 5.3.7 until the bug is resolved. PHP 5.3.7 was just released last week and that version contained fixes for a slew of security...
Esselbach Storyteller CMS System Version 1.8 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Esselbach Storyteller CMS System Version 1.8 page.php Remote SQL Injection Vulnerability Date: March, 9th 2011 GMT +7 Author: Shamus Software Link: http://www.esselbach.com/ Version : Esselbach Storyteller CMS System Version 1.8...
Esselbach Storyteller CMS System 1.8 - SQL Injection
Esselbach Storyteller CMS System 1.8 - SQL Injection Exploit Title: Esselbach Storyteller CMS System Version 1.8 page.php Remote SQL Injection Vulnerability Date: March, 9th 2011 GMT +7 Author: Shamus Software Link: http://www.esselbach.com/ Version : Esselbach Storyteller CMS System Version 1.8...
[SECURITY] Fedora 12 Update: php-5.3.3-1.fc12
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
PHP tempnam()函数safe_mode验证绕过安全限制漏洞
BUGTRAQ ID: 38431 PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 当目录路径没有以“/”结束时PHP的tempnam函数中没有正确的执行safemode验证,攻击者可以绕过安全限制获得对目录的读写访问。 PHP PHP 5.3.x PHP PHP 5.2.x 厂商补丁: PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://svn.php.net/viewvc/php/php-src/branches/PHP53/ext/session/session.c?view=log...
Side note the Echo of the target Station WebShell-vulnerability warning-the black bar safety net
Command format The Echo statement the target Station absolute directory For example: echo ^^%execute request"0"^%^ D:\03389.com\wwwroot\YingMu.asp Such access to the target bin directory it will generate a password of 0 the asp in a word, this method in PHP and other scripting languages are...
Echo out WebShell-vulnerability warning-the black bar safety net
On a side note process, you can execute the cmd without permission and relatively low in the case, sometimes you can use this method to help you down the target Station. Command format The Echo statement the target Station absolute directory For example: echo ^^%execute request"0"%^...
jax formmailer 3.0.0 - Remote File Inclusion
--:remote file include:-- --------------------------------- script:Jax FormMailer 3.0.0 Release:01.06.2008 - Author: ahmadbady ----------------------------------------------------------------------- download from:http://www.jtr.de/scripting/php/formmailer/indexeng.html...
php: FastCGI module DoS via multiple dots preceding the extension
PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service crash via a request with multiple dots preceding the extension, as demonstrated using foo..php...
Fedora Update for mantis FEDORA-2008-8925
Check for the Version of mantis OpenVAS Vulnerability Test Fedora Update for mantis FEDORA-2008-8925 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Fedora Update for mantis FEDORA-2008-6647
Check for the Version of mantis OpenVAS Vulnerability Test Fedora Update for mantis FEDORA-2008-6647 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
[Full-disclosure] PHP 5.2.6 chdir(), ftok() (standard ext) safe_mode bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.6 chdir,ftok standard ext safemode bypass Author: Maksymilian Arciemowicz cXIb8O3 securityreason.com Date: - - Written: 10.05.2008 - - Public: 17.06.2008 SecurityReason Research SecurityAlert Id: 55 CVE: CVE-2008-2666 CWE: CWE-264 SecurityRisk...
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-2238)
This update fixes the following security problems in the PHP scripting language : - CVE-2006-5465: Various buffer overflows in htmlentities/htmlspecialchars internal routines could be used to crash the PHP interpreter or potentially execute code, depending on the PHP application used. - A missing...