1611 matches found
mini CMS / News Script Light 1.0 - Remote File Include Exploit
No description provided by source. #!/usr/bin/perl mini CMS / News Script Light 1.0 Remote File Include Exploit Bug found and exploit written by bd0rk || SOH-Crew Vendor: http://www.hinnendahl.com/ Downloadsite: http://www.hinnendahl.com/index.php?seite=download Description: The scriptpfad paramet...
SA-CONTRIB-2014-055 - Require Login - Access bypass
This module enables you to restrict access to a site for all non-authenticated users. The module does not protect the front page, thereby exposing any sensitive information on the front page to anonymous users. This vulnerability is mitigated by the fact that private/sensitive information must be...
samba: pam_winbind fails open when non-existent group specified to require_membership_of
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by...
Hewlett-Packard SiteScope SOAP Arbitrary File Download and Denial of Service Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. The issue lies in failure to require...
PHP file include vulnerability analysis-vulnerability warning-the black bar safety net
1. What is a "remote file inclusion vulnerability"? The answer: the server uses a PHP function to include arbitrary files, and because the source of the file to be included is not strictly filtered, a malicious file can be included, and we can construct the malicious file to...
PT-2014-2763 · Plone Foundation · Plone
Name of the Vulnerable Software and Affected Versions: Plone versions 2.1 through 4.1 Plone versions 4.2.x through 4.2.5 Plone versions 4.3.x through 4.3.1 Description: The issue allows remote attackers to bypass filtering and redirect users to arbitrary web sites, potentially conducting phishing...
Fedora 19 : php-5.5.7-1.fc19 (2013-23208)
12 Dec 2013, PHP 5.5.7 CLI server : - Added some MIME types to the CLI web server (Chris Jones) - Implemented FR #65917 (getallheaders() is not supported by the built-in web server) - also implements apache_response_headers() (Andrea Faulds) Core : - Fixed bug #66094 (unregister_tick_function tries to cast a...
Command Shell, Bind TCP (via nodejs)
Creates an interactive shell via nodejs This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework It would be better to have a commonjs payload, but because the implementations differ so greatly when it comes to require paths f...
Fedora 18 : telepathy-gabble-0.16.6-1.fc18 (2013-9794)
"This release fixes a man-in-the-middle attack. If you use an unencrypted connection to a 'legacy Jabber' pre-XMPP server, this version of Gabble will not connect until you make one of these configuration changes : - upgrade the server software to something that supports XMPP 1.0; or - use an...
PHP file include vulnerability details(including the truncated method)-vulnerability warning-the black bar safety net
1. What is a "remote file inclusion vulnerability"? The answer: the server uses a PHP function to include arbitrary files, and because the source of the file to be included is not strictly filtered, a malicious file can be included, and we can construct the malicious file to...
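ISC BIND 9 DNS64 REQUIRE Assertion Failure Denial of Service Vulnerability
BUGTRAQ ID: 56817 CVECAN ID: CVE-2012-5688 BIND is a very widely used implementation of the DNS protocol. ISC BIND 9.8.0 and later support the DNS64 IPv6 transition mechanism. If the dns64 configuration is enabled, a BIND 9 name server triggers a REQUIRE assertion failure when resolving a specially crafted request, causing the server to crash. This vulnerability can be exploited remotely; versions before 9.8.0, and servers without DNS64 enabled, are not affected. 0 ISC BIND 9.9.0-9.9.2 ISC BIND 9.8.0-9.8.4 Temporary workaround: For BIND with DNS64 enabled...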
php execution vulnerability parsing-vulnerability warning-the black bar safety net
1. Code execution functions: In PHP, certain functions can execute code, such as eval, assert, system, exec, shell_exec, passthru, escapeshellcmd, pcntl_exec, etc. demo code 1.1: <?php echo dir; ?> 2. File inclusion code injection: The file containing...
sflog! 1.00 - Multiple Vulnerabilities
Discovered by dun \ posdubatgmail.com 2012-07-05 sflog! // 1 ..cut.. 53 require_once "./includes/entries.inc.php"; // 4 ..cut.. File: ./sflog/includes/pageHeader.inc.ph...
PHP code execution vulnerability references summary-vulnerability warning-the black bar safety net
1. Code execution functions: In PHP, certain functions can execute code, such as eval, assert, system, exec, shell_exec, passthru, escapeshellcmd, pcntl_exec, etc. demo code 1.1: 2. File inclusion code injection: The file containing the function in the specific...
UBUNTU-CVE-2010-2445
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions...
PHP code execution vulnerability-summary-vulnerability warning-the black bar safety net
Reference from: http://php-security.org/2010/05/20/mops-submission-07-our-dynamic-php/index.html 1. Code execution functions: In PHP, certain functions can execute code, such as eval, assert, system, exec, shell_exec, passthru, escapeshellcmd, pcntl_exec, etc. demo code 1....
OBOphiX 2.7.0 Remote File Inclusion
OBOphiX (fonctions_racine.php) <= 2.7.0 Remote File Include Vulnerability + Author : EA Ngel + Location : Manado - Indonesia + Situs : wwwdotmanadocodingdotnet + Contact : [email protected] + Download Script :...
OBOphiX <= 2.7.0 (fonctions_racine.php) Remote File Inclusion Vuln
Exploit for unknown platform in category web applications OBOphiX <= 2.7.0 (fonctions_racine.php) Remote File Inclusion Vuln OBOphiX (fonctions_racine.php) <= 2.7.0 Remote...
OBOphiX <= 2.7.0 (fonctions_racine.php) Remote File Inclusion Vuln
No description provided by source. OBOphiX (fonctions_racine.php) <= 2.7.0 Remote File Include Vulnerability + Author : EA Ngel + Location : Manado - Indonesia + Situs : wwwdotmanadocodingdotnet + Contact : [email protected] + Download Script :...