210 matches found
CVE-2012-1248
app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain...
MySQLDumper 1.24.4 Multiple Vulnerabilities
Exploit for php platform in category web applications ================================================================================================ Vulnerable Software: MySQLDumper Version 1.24.4 Downloaded from: http://sourceforge.net/projects/mysqldumper/files/ MD5 SUM:...
Irongeek's Shared hosting MD5 Change Detection Script
Irongeek's Shared hosting MD5 Change Detection Script Adrian Crenshaw aka Irongeek just release another great tool for web admins that will monitor the files on a website, and report any changed via email. Actually "irongeek.com" was hacked few days back which is hosted on a shared hosting. There...
Interspire Shopping Cart Insecure Permissions
========= Product: Interspire Shopping Cart ========= Problem: config/config.php MUST be httpd-readable inter-domain read access permitted, which is a problem on shared hosting ========= About product: What is Interspire Shopping Cart? Interspire Shopping Cart is the most feature rich, all-in-one...
Massive Injection Campaign Affecting More Than Six Million Pages
We recently reported on a massive drive-by-download campaign affecting some 90,000 Web pages. In the less than two weeks since that report, the same campaign is now affecting more than six million pages. The obvious question is: why has there been such an aggressive increase in the number of...
Pligg CMS 1.1.3 Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit title: Pligg CMS file existence exploration/shared hosting privilege escalation H.ackAck.net Found by: Jelmer de Hen 15/03/2011 I released some Pligg exploits: http://h.ackack.net/the-pligg-cms-0dayset-1.html 22/03/2011 a patch became...
Pligg CMS 1.1.3 - Multiple Vulnerabilities
Pligg CMS 1.1.3 - Multiple Vulnerabilities Exploit title: Pligg CMS file existence exploration/shared hosting privilege escalation H.ackAck.net Found by: Jelmer de Hen 15/03/2011 I released some Pligg exploits: http://h.ackack.net/the-pligg-cms-0dayset-1.html 22/03/2011 a patch became evailable;...
Pligg CMS 1.1.3 - Multiple Vulnerabilities
Exploit title: Pligg CMS file existence exploration/shared hosting privilege escalation H.ackAck.net Found by: Jelmer de Hen 15/03/2011 I released some Pligg exploits: http://h.ackack.net/the-pligg-cms-0dayset-1.html 22/03/2011 a patch became evailable; patching took 7 days:...
Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Watcher 1.4.1 - latest version download
"Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...
Fixed in Apache Tomcat 7.0.4
Low: SecurityManager file permission bypass CVE-2010-3718 When running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the intermediate file...
PHP 5.3.1 - 'session_save_path() Safe_mode()' Restriction Bypass Exploiot
source: https://www.securityfocus.com/bid/38182/info PHP is prone to a 'safemode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write session files in arbitrary directions. This vulnerability would be an issue in shared-hosting configurations where multiple user...
FreeWebshop.org: multiple vulnerabilities
------------------------------------------------------------------------ FreeWebshop.org: multiple vulnerabilities ------------------------------------------------------------------------ Yorick Koster, March 2009 ------------------------------------------------------------------------ Abstract...
FreeWebShop 2.2.9 R2 SQL Injection / Traversal / Etc
------------------------------------------------------------------------ FreeWebshop.org: multiple vulnerabilities ------------------------------------------------------------------------ Yorick Koster, March 2009 ------------------------------------------------------------------------ Abstract...
PHP 5.2.11, 5.3.0 Multiple Restriction-Bypass Vulnerabilities
PHP is prone to a SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.100281"...
PHP <=5.3 - preg_match() full path disclosure
Exploit for unknown platform in category remote exploits ============================================= PHP =5.3 - pregmatch full path disclosure ============================================= Title: PHP =5.3 - pregmatch full path disclosure CVE-ID: OSVDB-ID: Author: David Vieira-Kurz Published:...
PHP 5.3 - preg_match() Full Path Disclosure
PHP 5.3 - pregmatch Full Path Disclosure MajorSecurity Advisory 57PHP =5.3 - pregmatch full path disclosure Details ======= Product: PHP =5.3 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.php.net/ Vendor-Status: informed Advisory-Status: published Credits ============...
PHP 5.3 - mail.log Configuration Option open_basedir Restriction Bypass
PHP 5.3 - mail.log Configuration Option openbasedir Restriction Bypass source: https://www.securityfocus.com/bid/36007/info PHP is prone to an 'openbasedir' restriction-bypass vulnerability because of a design error. Successful exploits could allow an attacker to write files in unauthorized...
PHP 5.3 - 'mail.log' Configuration Option 'open_basedir' Restriction Bypass
source: https://www.securityfocus.com/bid/36007/info PHP is prone to an 'openbasedir' restriction-bypass vulnerability because of a design error. Successful exploits could allow an attacker to write files in unauthorized locations. This vulnerability would be an issue in shared-hosting...
PHP 5.2.9 cURL - Safe_mode open_basedir Restriction Bypass
PHP 5.2.9 cURL - Safemode openbasedir Restriction Bypass source: https://www.securityfocus.com/bid/34475/info PHP is prone to a 'safemode' and 'openbasedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access files in unauthorized locations. This vulnerability...