1684 matches found
уязвимости во многих популярных движках из за некоректной работы файловых функций языка PHP
уязвимость например имеет место быть в таких популярных форумах как phpBB и punBB, удачная эксплуатация происходит при подмене пути загрузки аватары, и загрузки аватары с PHP кодом например в EXIF заголовке. КОД: copy'1.jpg', "./dirforupload/1.php0"."/2.jpg"; или copy'1.jpg',...
WinGate IMAP Server Directory Traversal Vulnerabilities
The remote host appears to be running WinGate, a Windows application for managing and securing Internet access. The version of WinGate installed on the remote host fails to remove directory traversal sequences from the 'CREATE', 'SELECT', 'DELETE', 'RENAME', 'COPY', 'APPEND', and 'LIST' commands...
Directory traversal
Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the 1 CREATE, 2 SELECT, 3 DELETE, 4...
CVE-2006-0929
CVE-2006-0929 affects the IMAP server of ArGoSoft Mail Server Pro 1.8.8.1. The issue is a directory traversal in the IMAP RENAME command where mailbox names are not filtered for "..", allowing an authenticated remote attacker to create/move folders arbitrarily on the affected system. The connecte...
Directory traversal
Multiple directory traversal vulnerabilities in 1 EPSTIMAP4S.EXE and 2 SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to a list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the b APPEND,...
Directory traversal
Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. dot dot in the RENAME command...
MailEnable 1.1/1.7 - IMAP Rename Request Remote Denial of Service
source: https://www.securityfocus.com/bid/15556/info MailEnable is prone to a remote denial of service vulnerability. The vulnerability presents itself when a user issues a malicious rename request following authentication. Remote attackers can exploit this issue to trigger a denial of service...
MailEnable 1.11.7 - IMAP Rename Request Remote Denial of Service
MailEnable 1.11.7 - IMAP Rename Request Remote Denial of Service source: https://www.securityfocus.com/bid/15556/info MailEnable is prone to a remote denial of service vulnerability. The vulnerability presents itself when a user issues a malicious rename request following authentication. Remote...
SunFTP directory traversal
Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. dot dot characters in various commands, including 1 GET, 2 MKDIR, 3 RMDIR, 4 RENAME, or 5 PUT. SPDX-FileCopyrightText: 2003 Xue Yong Zhi Some text descriptions might be excerpted from a...
FreeBSD : mysql -- erroneous access restrictions applied to table renames (035d17b2-484a-11d9-813c-00065be4b5b6)
A Red Hat advisory reports : Oleksandr Byelkin discovered that 'ALTER TABLE ... RENAME' checked the CREATE/INSERT rights of the old table instead of the new one. Table access restrictions, on the affected MySQL servers, may accidentally or intentionally be bypassed due to this bug. %NASLMINLEVEL...
CVE-2005-1846
CVE-2005-1846 affects YaMT prior to 0.5_2. Affected component/file handling allows directory traversal via the rename and sort options, enabling an attacker to overwrite arbitrary files. Some sources also note potential arbitrary code execution in affected contexts. Remediation: upgrade YaMT to v...
Security fix for the ALT Linux 8 package squid version 2.5.STABLE9-alt3
May 12, 2005 Denis Ovsienko 2.5.STABLE9-alt3 - applied: + 2005-04-20 14:59 Medium Fails to process requests for files larger than 2GB in size + 2005-03-26 23:53 Minor rename related cleanup + 2005-03-29 09:52 Cosmetic New cachemgr pendingobjects and clientobjects actions + 2005-03-30 22:51 Cosmet...
PT-2004-3380 · Nexgen · Nexgen Ftp Server
Name of the Vulnerable Software and Affected Versions: Nexgen FTP Server versions prior to 2.2.3.23 Description: The issue allows remote authenticated users to read or list arbitrary files via "C:" sequences in the 1 RETR get, 2 NLST ls, 3 LIST ls, 4 RNFR, or 5 RNTO FTP commands. This is a...
CVE-2004-0835
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities...
MySQL 3.x/4.x - ALTER TABLE/RENAME Forces Old Permission Checks
source: https://www.securityfocus.com/bid/11357/info MySQL is reported prone to multiple local vulnerabilities. Exploiting these issues may allow an attacker to bypass security restrictions or cause a denial-of-service condition in the application. Rportedly, an attacker can bypass certain securi...
MySQL 3.x4.x - ALTER TABLERENAME Forces Old Permission Checks
MySQL 3.x4.x - ALTER TABLERENAME Forces Old Permission Checks source: https://www.securityfocus.com/bid/11357/info MySQL is reported prone to multiple local vulnerabilities. Exploiting these issues may allow an attacker to bypass security restrictions or cause a denial-of-service condition in the...
mysql -- erroneous access restrictions applied to table renames
A Red Hat advisory reports: Oleksandr Byelkin discovered that "ALTER TABLE ... RENAME" checked the CREATE/INSERT rights of the old table instead of the new one. Table access restrictions, on the affected MySQL servers, may accidently or intentially be bypassed due to this bug...
DoS Vulnerabilities in Crob FTP Server 2.60.1
DoS Vulnerabilities in Crob FTP Server 2.60.1 Tested on Windows 98 Crash the Server with "con": Rename a file to "con" and the server will crash. Crash the Server with "s": Login with ssssss Send FTP commands with sssss like dir ssssss Zero X, member of www.lobnan.de and www.lostkey.org...
apache-linux.txt
/ LINUX X86 APACHE REMOTE EXPLOIT!!!!!!!!! This is the unpublished source for apache OpenSSL handshake exploit. We obtained this exploit by modifying a circulating apache worm, created by contem@efnet BY nebunu compile: gcc -o apache-ex apache.ex.c -lcrypto run: ./apache-ex do not use hostname! u...
UoW IMAPd Server 10.23412.264 - Remote Buffer Overflow
UoW IMAPd Server 10.23412.264 - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/1110/info A buffer overflow exists in imapd. The vulnerability exists in the list command. By supplying a long, well-crafted string as the second argument to the list command, it becomes possible t...