2730 matches found
Directory traversal
Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request...
DEBIAN-CVE-2009-2658
Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request...
CVE-2009-2658
Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request...
CVE-2009-2658
Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request...
CVE-2009-2658
Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request...
CVE-2009-2481
mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and 1 send e-mail to arbitrary addresses or 2 obtain sensitive information via unspecified vectors...
Dokeos LMS <= 1.8.5 (whoisonline.php) PHP Code Injection Exploit
Exploit for unknown platform in category web applications ================================================================ Dokeos LMS = 1.8.5 whoisonline.php PHP Code Injection Exploit ================================================================ ?php /...
Lanius CMS 0.5.2 - Arbitrary File Upload
Lanius CMS 0.5.2 - Arbitrary File Upload = 0.4.6 and Lanius CMS $maxsz 53. return sprintfUPLOADTOOBIG, convertbytes$filesz, convertbytes$maxsz; 54. 55. $thyname = basenameurldecode$FILES$elem'name'; 56. if isset$allowedext 57. $ext = fileext$thyname; 58. if $ext==='' || !inarray$ext, $allowedext...
kernel: rt_cache leak leads to lack of network connectivity
The icmpsend function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache aka DST in some situations involving transmission of an ICMP Host Unreachable message, which allows remo...
CVE-2009-1047
Cross-site scripting XSS vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail...
CVE-2009-1047
CVE-2009-1047 is a Drupal XSS vulnerability in the Send by e-mail module of the Printer, e-mail and PDF versions module. The issue affects Drupal 5.x before 5.x-4.4 and 6.x before 6.x-1.4, enabling remote attackers to inject arbitrary web script or HTML via outbound HTML e-mail. Impact is web ses...
Design/Logic Flaw
Unspecified vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to send unlimited spam messages via unknown vectors related to the flood control API...
CVE-2009-1037
CVE-2009-1037 affects Drupal’s Send by e-mail module within the "Printer, e-mail and PDF versions" module. The vulnerability concerns the flood control API and allows remote attackers to cause unlimited spam messages via vectors related to flood control behavior. Affected versions are 5.x before ...
Wordpress 2.7.0 admin remote code execution vulnerability-vulnerability warning-the black bar safety net
by Ryatpuretot mail: puretot at gmail dot com team: http://www.80vul.com date: 2008-12-18 Analysis: This vulnerability out in the background: wp-admin/post.php if currentusercan'editpost', $postID if $last = wpcheckpostlock $post-ID $lastuser = getuserdata $last ; $lastusername = $lastuser ?...
DEBIAN-CVE-2008-4311
The default configuration of system.conf in D-Bus aka DBus before 1.2.6 omits the sendtype attribute in certain rules, which allows local users to bypass intended access restrictions by 1 sending messages, related to sendrequestedreply; and possibly 2 receiving messages, related to...
CVE-2008-4311
The default configuration of system.conf in D-Bus aka DBus before 1.2.6 omits the sendtype attribute in certain rules, which allows local users to bypass intended access restrictions by 1 sending messages, related to sendrequestedreply; and possibly 2 receiving messages, related to...
MyTopix 1.3.0 - SQL Injection
MyTopix 1.3.0 - SQL Injection evil = ''; $this - socket = socketcreateAFINET, SOCKSTREAM, SOLTCP; $this - inj = '-1+UNION+SELECT+concatmembersname,0x3a,memberspass+FROM+mymembers+WHERE+membersid=2--'; private function send$packet if!$this - socket $this - socket = socketcreateAFINET, SOCKSTREAM,...
absolutefilesend-cookie.txt
| | / | \ \ / / / | / | | | | \ | | | | \ V / | | | | | | | | | | | | | || | | | | | | | | | | | | | | || | / || | || \ | Author : Hakxer Home : Www.educ-up.com Type Gap : Insecure cookie handling script : Absloute File Send see script http://www.xigla.com/afilesend/demo.htm Greetz : Allah ,...
Absolute File Send 1.0 Remote Cookie Handling Vulnerability
No description provided by source. | | / | \ \ / / / | / | | | | \ | | | | \ V / | | | | | | | | | | | | | || | | | | | | | | | | | | | | || | / || | || \ | Author : Hakxer Home : Www.educ-up.com Type Gap : Insecure cookie handling script : Absloute File Send see script...
Absolute File Send 1.0 Remote Cookie Handling Vulnerability
Exploit for unknown platform in category web applications =========================================================== Absolute File Send 1.0 Remote Cookie Handling Vulnerability =========================================================== | | / | \ \ / / / | / | | | | \ | | | | \ V / | | | | | | |...