Code injection

Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...

phpMyAdmin配置文件PHP代码注入漏洞

BUGTRAQ ID: 34526 CVECAN ID: CVE-2009-1285 phpMyAdmin是用PHP编写的工具，用于通过WEB管理MySQL。 phpMyAdmin所使用的setup脚本没有正确地过滤配置参数，如果远程攻击者向服务器提交了恶意的POST请求，就可以在所生成的配置文件中注入任意PHP代码。 phpMyAdmin phpMyAdmin 3.x phpMyAdmin phpMyAdmin 2.11.x phpMyAdmin ---------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

phpMyAdmin Setup Script Configuration Parameters Arbitrary PHP Code Injection (PMASA-2009-4)

The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input before using it to generate a config file for the application. This version is affected by the following vulnerabilities : - The setup script inserts the unsanitize...

Koschtit Image Gallery 1.82 Local File Inclusion

:local file include: script: koschtitimagegalleryv1.82 download from:http://koschtit..tabere.net/download/ or http://koschtit.tabere.net/en/getit vul:/kibase/kimakepic.php ifisset$GET'file' $file = "../kigalleries/".$GET'file'; else exit; $gallery = substr$GET'file', 0, strpos$GET'file', "/";...

CVE-2008-6537

LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $GET but later accessed using $REQUEST...

Cross site request forgery (csrf)

LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $GET but later accessed using $REQUEST...

CVE-2009-1151

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...

DEBIAN-CVE-2009-1151

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...

5 3 since the start of the way-vulnerability warning-the black bar safety net

Source: CoolDiyer's Blog Registry 1. HKEYLOCALMACHINE\Software\Microsoft\windows\Curr entVersion\Run\ All values in this key are executed. 2. HKEYLOCALMACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnce\ All values in this key are executed, and then their autostart reference is deleted. 3...

[SECURITY] Fedora 9 Update: NetworkManager-0.7.0.99-1.fc9

NetworkManager attempts to keep an active network connection available at a ll times. It is intended only for the desktop use-case, and is not intended f or usage on servers. The point of NetworkManager is to make networking configuration and setup as painless and automatic as possible. If using ...

libpng arbitrary free() flaw

The PNG reference library aka libpng before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted PNG file that triggers a free of an...

FreeBSD/x86 - execve(/bin/cat & /etc/master.passwd) - 65 bytes

No description provided by source. ; sm4x 2008 ; /bin/cat /etc/master.passwd ; 65 bytes ; FreeBSD 7.0-RELEASE global start start: xor eax, eax ; --- setuid0 push eax push eax mov al, 0x17 int 0x80 ; --- setup /etc/master.passwd jmp short loadfile ok: pop esi ; setup /bin/cat push eax push...

CVE-2009-0651

Unspecified vulnerability in the Veritas network daemon aka vnetd in Symantec Veritas NetBackup Server / Enterprise Server 5.x, 6.0 before MP7 SP1, and 6.5 before 6.5.3.1 allows remote attackers to execute arbitrary code via unknown vectors related to "initial communications setup."...

Design/Logic Flaw

Unspecified vulnerability in the Veritas network daemon aka vnetd in Symantec Veritas NetBackup Server / Enterprise Server 5.x, 6.0 before MP7 SP1, and 6.5 before 6.5.3.1 allows remote attackers to execute arbitrary code via unknown vectors related to "initial communications setup."...

Becky! Internet Mail Read Receipt请求缓冲区溢出漏洞

BUGTRAQ ID: 33756 Becky! Internet Mail是一个常用的Email客户端软件。 Becky! Internet Mail客户端没有正确地处理read receipt请求。如果用户查看了特制的邮件并允许发送read receipt请求的话，就可以触发缓冲区溢出，导致执行任意代码。 RimArts Becky! Internet Mail 2.48.02 厂商补丁： RimArts ------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.rimarts.co.jp/index.html 在General...

JVN#29641290 Becky! Internet Mail buffer overflow vulnerability

Becky! Internet Mail is an email client software. Becky! Internet Mail contains a buffer overflow vulnerability as it does not properly handle read receipt requests. Impact If the user views a specially crafted email and allows a read receipt to be sent, arbitrary code may be executed. Solution...

CVE-2009-0416

The SSL certificate setup program genSslCert.sh in Standards Based Linux Instrumentation for Manageability SBLIM sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the 1 /var/tmp/key.pem, 2 /var/tmp/cert.pem, and 3 /var/tmp/ssl.cnf temporary files...

RealNetworks Helix Server < 11.1.8 / 12.0.1 Multiple Vulnerabilities

Binary data 4919.prm...

Sql injection

Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done GTD 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter...

CVE-2008-5963

Gravity GTD (Getting Things Done) up to version 0.4.5 is affected by an eval-injection vulnerability in library/setup/rpc.php that allows remote attackers to execute arbitrary PHP code via the objectname parameter. This CVE (CVE-2008-5963) is rated high by NVD (base score 10.0) with network attac...