Koschtit Image Gallery 1.82 Local File Inclusion

:local file include: script: koschtitimagegalleryv1.82 download from:http://koschtit..tabere.net/download/ or http://koschtit.tabere.net/en/getit vul:/kibase/kimakepic.php ifisset$GET'file' $file = "../kigalleries/".$GET'file'; else exit; $gallery = substr$GET'file', 0, strpos$GET'file', "/";...

CVE-2008-6537

LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $GET but later accessed using $REQUEST...

Cross site request forgery (csrf)

LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $GET but later accessed using $REQUEST...

CVE-2009-1151

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...

DEBIAN-CVE-2009-1151

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...

5 3 since the start of the way-vulnerability warning-the black bar safety net

Source: CoolDiyer's Blog Registry 1. HKEYLOCALMACHINE\Software\Microsoft\windows\Curr entVersion\Run\ All values in this key are executed. 2. HKEYLOCALMACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnce\ All values in this key are executed, and then their autostart reference is deleted. 3...

[SECURITY] Fedora 9 Update: NetworkManager-0.7.0.99-1.fc9

NetworkManager attempts to keep an active network connection available at a ll times. It is intended only for the desktop use-case, and is not intended f or usage on servers. The point of NetworkManager is to make networking configuration and setup as painless and automatic as possible. If using ...

libpng arbitrary free() flaw

The PNG reference library aka libpng before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted PNG file that triggers a free of an...

FreeBSD/x86 - execve(/bin/cat & /etc/master.passwd) - 65 bytes

No description provided by source. ; sm4x 2008 ; /bin/cat /etc/master.passwd ; 65 bytes ; FreeBSD 7.0-RELEASE global start start: xor eax, eax ; --- setuid0 push eax push eax mov al, 0x17 int 0x80 ; --- setup /etc/master.passwd jmp short loadfile ok: pop esi ; setup /bin/cat push eax push...

CVE-2009-0651

Unspecified vulnerability in the Veritas network daemon aka vnetd in Symantec Veritas NetBackup Server / Enterprise Server 5.x, 6.0 before MP7 SP1, and 6.5 before 6.5.3.1 allows remote attackers to execute arbitrary code via unknown vectors related to "initial communications setup."...

Design/Logic Flaw

Unspecified vulnerability in the Veritas network daemon aka vnetd in Symantec Veritas NetBackup Server / Enterprise Server 5.x, 6.0 before MP7 SP1, and 6.5 before 6.5.3.1 allows remote attackers to execute arbitrary code via unknown vectors related to "initial communications setup."...

Becky! Internet Mail Read Receipt请求缓冲区溢出漏洞

BUGTRAQ ID: 33756 Becky! Internet Mail是一个常用的Email客户端软件。 Becky! Internet Mail客户端没有正确地处理read receipt请求。如果用户查看了特制的邮件并允许发送read receipt请求的话，就可以触发缓冲区溢出，导致执行任意代码。 RimArts Becky! Internet Mail 2.48.02 厂商补丁： RimArts ------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.rimarts.co.jp/index.html 在General...

JVN#29641290 Becky! Internet Mail buffer overflow vulnerability

Becky! Internet Mail is an email client software. Becky! Internet Mail contains a buffer overflow vulnerability as it does not properly handle read receipt requests. Impact If the user views a specially crafted email and allows a read receipt to be sent, arbitrary code may be executed. Solution...

CVE-2009-0416

The SSL certificate setup program genSslCert.sh in Standards Based Linux Instrumentation for Manageability SBLIM sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the 1 /var/tmp/key.pem, 2 /var/tmp/cert.pem, and 3 /var/tmp/ssl.cnf temporary files...

RealNetworks Helix Server < 11.1.8 / 12.0.1 Multiple Vulnerabilities

Binary data 4919.prm...

Sql injection

Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done GTD 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter...

CVE-2008-5963

Gravity GTD (Getting Things Done) up to version 0.4.5 is affected by an eval-injection vulnerability in library/setup/rpc.php that allows remote attackers to execute arbitrary PHP code via the objectname parameter. This CVE (CVE-2008-5963) is rated high by NVD (base score 10.0) with network attac...

Buffer overflow

Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to 1 cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via 2 an NTLM authentication request with malformed...

Simple Machines Forum - Destroyer 0.1

Exploit for unknown platform in category web applications ===================================== Simple Machines Forum - Destroyer 0.1 ===================================== !/usr/bin/perl use LWP::UserAgent; use Getopt::Std; use LWP::Simple; use HTTP::Request; Author: Xianur0 Uxmal666atgmail.com...

Simple Machines Forum (SMF) 1.0.13/1.1.5 - &#039;Destroyer 0.1&#039; Password Reset Security Bypass

!/usr/bin/perl use LWP::UserAgent; use Getopt::Std; use LWP::Simple; use HTTP::Request; Author: Xianur0 Uxmal666atgmail.com Cracks links Password Recovery Find Temporary Files executed by mods DB function Flood by Error Log File Path Disclosure List installed Mods Useful To Find Mods Vulnerable...