Lucene search

669 matches found

securityvulns
added 2004/09/06 12:0 a.m., 35 views

Full Path Disclosure in YABBSE

ECHOADV05$2004: Full Path Disclosure in YABBSE. Author: y3dips. Date: August, 25th 2004. Location: Indonesia, Jakarta. Web:...

6.7 AI score | Exploits: 0

Gentoo Linux
added 2004/09/02 12:0 a.m., 21 views

Gallery: Arbitrary command execution

Background: Gallery is a PHP script for maintaining online photo albums. Description: The upload handling code in Gallery places uploaded files in a temporary directory. After 30 seconds, these files are deleted if they are not valid images. However, since the file exists for 30 seconds, a carefull...

7.5 CVSS | 6.8 AI score | 0.05233 EPSS | Exploits: 1

Tenable Nessus
added 2004/08/20 12:0 a.m., 10 views

Hosting Controller Multiple Script Arbitrary Directory Browsing

Binary data 1696.prm...

5 CVSS | 7.3 AI score | 0.01998 EPSS | Exploits: 1 | References: 2

Tenable Nessus
added 2004/08/20 12:0 a.m., 14 views

Hosting Controller Multiple Script Arbitrary Directory Browsing

Binary data 1701.prm...

6.4 CVSS | 7.3 AI score | 0.03179 EPSS | Exploits: 1 | References: 3

Packet Storm
added 2004/07/28 12:0 a.m., 29 views

IRM Security Advisory 9

IRM Security Advisory No. 009: RiSearch and RiSearch ProPro are vulnerable to open FTP/HTTP proxy, directory listings and file disclosure vulnerabilities. Vulnerability Type / Importance: Network Subversion, Open Proxy, Brute-For...

0.5 AI score | Exploits: 0

exploitpack
added 2004/07/24 12:0 a.m., 14 views

PostNuke 0.7x - Install Script Administrator Password Disclosure

source: https://www.securityfocus.com/bid/10793/info It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the...

0.1 AI score | Exploits: 0

Exploit DB
added 2004/07/24 12:0 a.m., 25 views

PostNuke 0.7x - Install Script Administrator Password Disclosure

source: https://www.securityfocus.com/bid/10793/info It is reported that PostNuke may disclose administrator authentication credentials to remote attackers. This issue presents itself because the application fails to remove the install script 'install.php' after installation. This can allow an...

7.4 AI score | Exploits: 0

securityvulns
added 2004/06/26 12:0 a.m., 39 views

artmedic_links5 PHP Script (include path) vuln

There's a possibility of looking at files with apache privileges using artmediclinks5 php script. http://www.artmedic-phpscripts.de/artmediclinks.php. Vulnerability include path is in index.php, standard use: hostname/artmediclinks5/index.php?id=file or index.php?id=url I noticed there's a lot of...

0.6 AI score | Exploits: 0

exploitpack
added 2004/06/01 12:0 a.m., 11 views

Rit Research Labs TinyWeb 1.9.2 - Unauthorized Script Disclosure

source: https://www.securityfocus.com/bid/10445/info TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web...

7.4 AI score | Exploits: 0

Packet Storm
added 2004/05/19 12:0 a.m., 25 views

EXP_OmniHTTPd.BAT

EXPOmniHTTPd.BAT @echo off :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :Application: OmniHTTPd :Vendors: http://www.omnicron.ca :Version: 0xE0 f 117 206 41 !JMPESP@w2k e 207 12 45 FA 7F !Shellcode e 20B EB 1B 5B BE 43 6F 6F 6C BF 49 43 45 21 43 39 3B e 21B 75 FB 4B 80 3...

7.4 AI score | Exploits: 0

Packet Storm
added 2004/04/09 12:0 a.m., 17 views

cobain-monit.pl

!/usr/bin/perl cobain-monit.pl monit \n\n"; exit0; print "HOST:\t$ARGV0\n"; print "PORT:\t2812\n"; my $buffer = "B" x 284 . "\xcf\x89\xb3\x40" . $shellcode; esp mandrake 9.1 my $buffer = "A" x 284 . "XXXX" . "B" x 100; dos and debug print "connecting to server...\n"; $socket = IO::Socket::INET -...

7.4 AI score | Exploits: 0

exploitpack
added 2004/03/19 12:0 a.m., 14 views

FVWM 2.4.172.5.8 - fvwm_make_browse_menu.sh Scripts Command Execution

source: https://www.securityfocus.com/bid/9922/info It has been reported that the FVWM fvwm_make_browse_menu.sh script is prone to a command execution vulnerability. This issue is due to the script allowing a user to define which...

7.6 AI score | Exploits: 0

exploitpack
added 2004/01/30 12:0 a.m., 13 views

Laurent Adda Les Commentaires 2.0 - PHP Script admin.php Remote File Inclusion

source: https://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include malicious external...

0.6 AI score | Exploits: 0

exploitpack
added 2004/01/10 12:0 a.m., 11 views

Andy's PHP Projects Man Page Lookup Script - Information Disclosure

source: https://www.securityfocus.com/bid/9395/info A problem in the handling of user-supplied input by Andy's PHP Projects Man Page Lookup script has been reported. Because of this, it is possible for an attacker to gain...

Exploits: 0

Exploit DB
added 2004/01/10 12:0 a.m., 21 views

Andy's PHP Projects Man Page Lookup Script - Information Disclosure

source: https://www.securityfocus.com/bid/9395/info A problem in the handling of user-supplied input by Andy's PHP Projects Man Page Lookup script has been reported. Because of this, it is possible for an attacker to gain unauthorized access to sensitive information on a system...

7.4 AI score | Exploits: 0

NVD
added 2003/12/31 5:0 a.m., 16 views

CVE-2003-1531

Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string...

4.3 CVSS | 5.7 AI score | 0.01264 EPSS | Exploits: 1 | References: 6

Tenable Nessus
added 2003/12/18 12:0 a.m., 311 views

SGDynamo sgdynamo.exe HTNAME Parameter Path Disclosure

The CGI 'sgdynamo.exe' can be tricked into giving the physical path to the remote web root. This information may be useful to an attacker who can use it to launch more effective attacks against the remote server. %NASLMINLEVEL 70300 This script written by Scott Shebby 12/2003 See the Nessus Scrip...

5.4 AI score | Exploits: 0

NVD
added 2003/06/09 4:0 a.m., 17 views

CVE-2002-1564

Internet Explorer 5.5 and 6.0 allows remote attackers to steal potentially sensitive information from cookies via a cookie that contains script which is executed when a page is loaded, aka the "Script within Cookies Reading Cookies" vulnerability...

5 CVSS | 6.2 AI score | 0.11654 EPSS | Exploits: 0 | References: 1

Tenable Nessus
added 2003/05/29 12:0 a.m., 18 views

Ultimate PHP Board admin_iplog.php Arbitrary Code Execution

The remote host is running Ultimate PHP Board (UPB). There is a flaw in this version which may allow an attacker to execute arbitrary code on this host, by sending a malformed user-agent which contains PHP commands. Once the user-agent has been sent, it is stored in the logs. When the administrator...

7.5 CVSS | 6.1 AI score | 0.02531 EPSS | Exploits: 0 | References: 1

Cvelist
added 2003/04/02 5:0 a.m., 15 views

CVE-2002-0513

The PHP administration script in poppermod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator...

7 AI score | 0.04585 EPSS | Exploits: 0 | References: 4