Lucene search

984 matches found

Cent OS
added 2007/09/26 9:3 a.m. | 91 views

php security update

CentOS Errata and Security Advisory CESA-2007:0889 Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting languag...

CVSS 7.5 | AI score 7 | EPSS 0.08878
Exploits: 1 | References: 9

CVE
added 2007/08/20 7:0 p.m. | 41 views

CVE-2004-2684

Technical details about CVE-2004-2684 are not publicly provided in the connected documents. The Initial Description is generic. Monitor for updates from vendors (InterSystems/Red Hat/NVD) for affected products and fixes.

CVSS 2.1 | AI score 6.9 | EPSS 0.00302
Exploits: 0 | References: 2 | Affected Software: 1

Symantec
added 2007/07/27 8:0 a.m. | 28 views

Symantec Discovery Insecure File Permissions

SUMMARY Insecure default directory and file permissions may allow local users to gain escalated privileges. Severity Low Remote Access | Local network access required ---|--- Local Access | Yes Authentication Required | Yes Exploit publicly available | No AFFECTED PRODUCTS Affected Products Produ...

CVSS 7.2 | AI score 6.8 | EPSS 0.00388
Exploits: 0 | Affected Software: 1

securityvulns
added 2007/05/02 12:0 a.m. | 52 views

Flaw in about.r OS and Progress version disclosure

about.r OS and Progress version disclosure. Because of poor security in webutil/about.r it is possible to view the OS and the Progress version of a remote webspeed server. First you have to find the messenger execution url. For example: http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1...

AI score 0.9
Exploits: 0

seebug.org
added 2006/11/26 12:0 a.m. | 20 views

Cahier de texte 2.0 (Database Backup/Source Disclosure) Remote Exploit

No description provided by source. !/usr/bin/perl INFORMATIONS ============ Affected.scr..: Cahier de texte V2.0 Poc.ID........: 15061124 Type..........: Predictable backup filename, Source disclosure Risk.level....: High Conditions....: registerglobals = on Src.download..:...

AI score 7.1
Exploits: 0

Packet Storm
added 2006/11/09 12:0 a.m. | 22 views

freewebshop222.txt

FreeWebshop '"alertdocument.cookie laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: [email protected]...

AI score 7.4
Exploits: 0

seebug.org
added 2006/10/29 12:0 a.m. | 26 views

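Gallery main.php Remote Directory Traversal Vulnerability

Gallery is a web-based, open-source photo album manager. A directory traversal vulnerability exists in Gallery: using a specially crafted URL, an attacker can access, without logging in, any file on the server that the web server can read, leading to disclosure of sensitive information. Gallery Gallery 2.0-Beta3 Vendor patch: Gallery ------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: Gallery Upgrade gallery-2.0.1-typical.tar.gz http://prdownloads.sourceforge.net/gallery/gallery-2.0.1-typical.tar.gz...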

AI score 7.1
Exploits: 0

NVD
added 2006/05/31 10:2 p.m. | 18 views

CVE-2006-2715

The Administration Console in Secure Elements Class 5 AVR aka C5 EVM before 2.8.1 does not enforce access control, which allows remote attackers to gain access to servers via the console...

CVSS 7.5 | AI score 6.8 | EPSS 0.02151
Exploits: 0 | References: 6

securityvulns
added 2006/05/15 12:0 a.m. | 43 views

90% of programs made in PHP5 and prior Full Path Disclosure vuln.

:Introduction: Normally one of the last steps when accessing to a web-server is to find the url where the web is installed more common in RFD. This may be a hard step, if the RPD is the only bug in that server, but PHP programs have functions that unexpectedly can return lots of errors. ATTENTION...

AI score 0.8
Exploits: 0

securityvulns
added 2006/04/13 12:0 a.m. | 37 views

Adobe LiveCycle security restrictions bypass

User marked as OBSOLETE can access server...

AI score 2.9
Exploits: 0 | References: 1 | Affected Software: 2

myhack58
added 2005/09/21 12:0 a.m. | 45 views

The use of TCP hidden channels to bypass the firewall-vulnerability warning-the black bar safety net

From: http://www.oioj.net/ my home ISP a free personal home page service, in the days that followed, I often passed 3389 Port to log in, constantly to the IT patch patch the vulnerability, do some management and maintenance, own also grow a lot of knowledge. Recently delving into networksecuri...

AI score 7.2
Exploits: 0

exploitpack
added 2005/09/15 12:0 a.m. | 11 views

phpWebSite 0.10.0 - module SQL Injection

phpWebSite 0.10.0 - module SQL Injection !/usr/bin/perl use LWP::Simple; $serv = $ARGV0; $path = $ARGV1; $name = $ARGV2; sub usage print "\nUsage: $0 server path username \n"; print "sever - URL\n"; print "path - path to index.php\n"; print "username - name register user\n\n"; exit ; sub work pri...

AI score 8.6
Exploits: 0

exploitpack
added 2005/09/02 12:0 a.m. | 27 views

FileZilla 2.2.15 - FTP Client Hard-Coded Cipher Key

FileZilla 2.2.15 - FTP Client Hard-Coded Cipher Key // source: https://www.securityfocus.com/bid/14730/info FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers. The application uses a hard-coded cipher key to decrypt the password, which is stored in a...

AI score 0.2
Exploits: 0

Exploit DB
added 2005/09/02 12:0 a.m. | 45 views

FileZilla 2.2.15 - FTP Client Hard-Coded Cipher Key

// source: https://www.securityfocus.com/bid/14730/info FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers. The application uses a hard-coded cipher key to decrypt the password, which is stored in an XML file or the Windows Registry. This can allow t...

AI score 7.4
Exploits: 0

securityvulns
added 2005/08/23 12:0 a.m. | 176 views

Remote IIS 5.x and IIS 6.0 Server Name Spoof

Remote IIS 5.x and IIS 6.0 Server Name Spoof It is possible to remotely spoof the "SERVERNAME" Microsoft® Internet Information Server® 5.0, 5.1 and 6.0 server variable by doing a modified HTTP request. Thus potentially revealing sensitive ASP code through the IIS 500-100.asp error page, the spoof...

AI score 0.1
Exploits: 0

securityvulns
added 2005/08/23 12:0 a.m. | 22 views

Microsoft IS error pages information leak

Request variable SERVERNAME controllable by client is used to validate server access...

AI score 2.4
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2005/08/16 12:0 a.m. | 91 views

Vulnerability found in CPAINT Ajax Toolkit

I am the original author of the CPAINT Ajax Toolkit http://cpaint.sourceforge.net/. Last night we found a vulnerability affecting all versions of CPAINT prior to v1.3-SP which is the patched version of the software that can allow a user with malicious intent to execute server or ASP/PHP commands...

AI score 1.6
Exploits: 0

exploitpack
added 2005/07/10 12:0 a.m. | 50 views

PPA 0.5.6 - ppa_root_path File Inclusion

PPA 0.5.6 - ppa_root_path File Inclusion source: https://www.securityfocus.com/bid/14209/info PPA is susceptible to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitra...

AI score 7.4
Exploits: 0

Exploit DB
added 2005/07/07 12:0 a.m. | 27 views

Pngren 2.0.1 - 'Kaiseki.cgi' Remote Command Execution

source: https://www.securityfocus.com/bid/14182/info pngren is prone to a remote arbitrary command execution vulnerability. Reportedly, this issue arises when the user-specified values are passed to the 'kaiseki.cgi' script. Due to this, an attacker can supply arbitrary commands and have them...

AI score 7.4
Exploits: 0

Packet Storm
added 2005/07/01 12:0 a.m. | 44 views

hostingController.txt

Cross-Site Scripting CSS in Hosting Controller All Version and hot fix it hehe ; [email protected] Ashiyane Security Team SegmentationFault Group iam sun-os hehe :P Greetz to : S4P0 - failed - Xsupr3mo - Status-x - Stealh Greetz to : berhooz - nima - ehsan - Mehrtash and...

AI score 7.4
Exploits: 0