654 matches found
Battle.net Clan Script <= 1.5.x Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ================================================= Clan Script div Members Rank Member Name Email Date Joined ?phpmysqlselectdb$mysqldb or diemysqlerror; $sql = 'SELECT bcsmembers.id, bcsmembers.name, bcsmembers.email, bcsmembers.date,...
Debian Security Advisory DSA 919-2 (curl)
The remote host is missing an update to curl announced via advisory DSA 919-2. The upstream developer of curl, a multi-protocol file transfer library, informed us that the former correction to several off-by-one errors is not sufficient. For completeness please find the original bug description...
Debian Security Advisory DSA 919-1 (curl)
The remote host is missing an update to curl announced via advisory DSA 919-1. Several problems were discovered in libcurl, a multi-protocol file transfer library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3185 A vulnerability has been discovered...
Uebimiau Web-Mail 2.7.10/2.7.2 Remote File Disclosure Vulnerability
Exploit for unknown platform in category web applications =================================================================== Uebimiau Web-Mail 2.7.10/2.7.2 Remote File Disclosure Vulnerability =================================================================== ---- Uebimiau Web-Mail Remote File...
IP Reg 0.3 - Multiple SQL Injections
IP Reg 0.3 - Multiple SQL Injections Http://www.inj3ct-it.org Staff at inj3ct-it dot org...
phpsf-multi.txt
Title: PHP Security Framework Beta 1 Multiple Vulnerabilities and Security Bypass Vendor: http://benjilenoob.66ghz.com/projects/ Advisory: http://acid-root.new.fr/?0:16 Author: DarkFig Released on: 2007/12/16 Changelog: 2007/12/16 Summary: HT Remote File Inclusion MT SQL Injection MT SQL Injectio...
PHP Security Framework: Vuln and Security Bypass
Title: PHP Security Framework Beta 1 Multiple Vulnerabilities and Security Bypass Vendor: http://benjilenoob.66ghz.com/projects/ Advisory: http://acid-root.new.fr/?0:16 Author: DarkFig gmdarkfig at gmail dot com Released on: 2007/12/16 Changelog: 2007/12/16 Summary: HT Remote File Inclusion MT SQ...
PHP Security Framework - Multiple Input Validation Vulnerabilities
PHP Security Framework - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/26898/info PHP Security Framework is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and remote file-include issues. A successful exploit may...
PHP Security Framework - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/26898/info PHP Security Framework is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and remote file-include issues. A successful exploit may allow an attacker to execute malicious code within the context of the...
Anon Proxy Server 0.1000 - Remote Command Execution
By Michael Brooks Vulnerability type: Multiple Remote System commands execution. Software: Anon Proxy Server Home page: http://sourceforge.net/projects/anonproxyserver/ Affects version: 0.100 Example exploit:...
CVE-2007-5899
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...
FreeBSD : php -- multiple security vulnerabilities (392b5b1d-9471-11dc-9db7-001c2514716c)
PHP project reports : Security Enhancements and Fixes in PHP 5.2.5 : - Fixed dl to only accept filenames. Reported by Laurent Gaffie. - Fixed dl to limit argument size to MAXPATHLEN CVE-2007-4887. Reported by Laurent Gaffie. - Fixed htmlentities/htmlspecialchars not to accept partial multibyte...
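PHP Image XArg Remote File Inclusion Vulnerability
PHP Image is a PHP-based web application. PHP Image does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The problem is that the script does not filter the user-submitted 'XArg' parameter; specifying an arbitrary file on a remote server as the include target can lead to execution of arbitrary commands with the privileges of the web server. PHP Image 1.2 No solution is currently available: http://www.phpimage.co.uk http://www.sebug.net/exploit/2499...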
PHP 5.x COM functions safe_mode and disable_function bypass
Exploit for unknown platform in category local exploits =========================================================== PHP 5.x COM functions safe_mode and disable_function bypass =========================================================== sounds good //The windows version of PHP has built in support f...
openSUSE 10 Security Update : php5 (php5-3745)
The following issues have been fixed in PHP, which were spotted by the MOPB project or fixed in PHP 5.2.3 release: - missing open_basedir and safe_mode restriction CVE-2007-3007 - chunk_split integer overflow CVE-2007-2872 - DoS condition in libgd's image processing CVE-2007-2756 - possible...
openSUSE 10 Security Update : php5 (php5-3753)
The following issues have been fixed in PHP, which were spotted by the MOPB project or fixed in PHP 5.2.3 release: - missing open_basedir and safe_mode restriction CVE-2007-3007 - chunk_split integer overflow CVE-2007-2872 - DoS condition in libgd's image processing CVE-2007-2756 - possible...
PHP 5.2.4 ionCube extension safe_mode / disable_functions Bypass
No description provided by source. <?php // PHP 5.2.4 ionCube extension safe_mode and disable_functions protections bypass // author: shinnai // mail: shinnai at autistici dot org // site: http://shinnai.altervista.org // Tested on xp Pro sp2 full patched, worked both from the cli and on apache // Technical details: // ionCube version: 6...
php security update
CentOS Errata and Security Advisory CESA-2007:0889 Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting languag...
Fedora Core 6 : php-5.1.6-3.7.fc6 (2007-709)
This update fixes a number of security issues in PHP : - various integer overflow flaws were found in the PHP gd extension. A script that could be forced to resize images from an untrusted source could possibly allow a remote attacker to execute arbitrary code as the apache user. CVE-2007-3996 - ...