5315 matches found
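[shopex.cn] - 3 source code download and sensitive information disclosure vulnerabilities
Brief description: The web application's directory structure, source code, Subversion server address, accounts with permission to modify the program, and other information can be downloaded or viewed directly via URL. Details: Proof of vulnerability: http://dev.shopex.cn/.svn/entries http://book.shopex.cn/.svn/entries http://jnc.saas-telcom.shopex.cn/.svn/entries...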
CVE-2010-3897
ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file...
Metinfo 3.0 - Multiple Vulnerabilities
Metinfo 3.0 - Multiple Vulnerabilities Exploit Title: metinfo3.0 Mullti Vulnerability Date : 10-11-2010 Author : anT!-Tr0J4n Version : 3.0 DorK : Powered by MetInfo 3.0 Home : www.Dev-PoinT.com : http://milw0rm.ws Email : D3v-PoinTathotmaild0tcom & C1EHatHotmaild0tcom Vendor :...
Metinfo 3.0 - Multiple Vulnerabilities
Exploit Title: metinfo3.0 Mullti Vulnerability Date : 10-11-2010 Author : anT!-Tr0J4n Version : 3.0 DorK : Powered by MetInfo 3.0 Home : www.Dev-PoinT.com : http://milw0rm.ws Email : D3v-PoinTathotmaild0tcom & C1EHatHotmaild0tcom Vendor : http://www.metinfo.cn/ Greetz : Dev-PoinT.com ; GlaDiatOr...
Metinfo3.0 Multiple Vulnerability
Exploit for php platform in category web applications. Metinfo3.0 Multiple Vulnerability...
[SECURITY] Fedora 14 Update: cvs-1.11.23-11.fc14
CVS (Concurrent Versions System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why...
Dolphin 7.0.3 File Disclosure / SQL Injection
Dolphin Vulnerability SQL Injection / disclosure Vulnerability...
Dolphin 7.0.3 - Multiple Vulnerabilities
Exploit Title: Dolphin Mullti Vulnerability Date : 29-10-2010 Author : anT!-Tr0J4n Version : 7.0.3 DorK : Powered by Dolphin Greetz : Dev-PoinT.com inj3ct0r.com All Dev-poinT members and my friends Home : www.Dev-PoinT.com : http://inj3ct0r.com Email : D3v-PoinTathotmaild0tcom & C1EHatHotmaild0tc...
Dolphin 7.0.3 - Multiple Vulnerabilities
Dolphin 7.0.3 - Multiple Vulnerabilities Exploit Title: Dolphin Mullti Vulnerability Date : 29-10-2010 Author : anT!-Tr0J4n Version : 7.0.3 DorK : Powered by Dolphin Greetz : Dev-PoinT.com inj3ct0r.com All Dev-poinT members and my friends Home : www.Dev-PoinT.com : http://inj3ct0r.com Email :...
FUSE fusermount Tool - Race Condition
source: https://www.securityfocus.com/bid/44623/info http://www.halfdog.net/Security/FuseTimerace/ FUSE fusermount tool is prone to a race-condition vulnerability. A local attacker can exploit this issue to cause a denial of service by unmounting any filesystem of the system...
SmartOptimizer - Null Character Remote Information Disclosure
source: https://www.securityfocus.com/bid/44578/info SmartOptimizer is prone to a remote information-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view the source code of files in the context of the server process...
Dolphin SQL Injection / disclosure Vulnerability
Exploit for php platform in category web applications. Dolphin SQL Injection / disclosure Vulnerability...
[SECURITY] Fedora 13 Update: cvs-1.11.23-10.fc13
CVS (Concurrent Versions System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why...
Visual Synapse Directory Traversal
Syhunt Advisory: Visual Synapse HTTP Server Directory Traversal Vulnerability Advisory-ID: 201010071 Discovery Date: 09.07.2010 Release Date: 10.07.2010 Affected Applications: Visual Synapse HTTP Server 1.0 RC3, 1.0 RC2, 1.0 RC1, 0.60 and previous releases; And any applications using the Visual...
Cag CMS Version 0.2 <= XSS & Blind SQL Injection Multiple
Exploit for php platform in category web applications. Cag CMS Version 0.2 <= XSS & Blind SQL Injection Multiple. Author : Shamus Date : October, 05th 2010 Location : Solo && Jogjakart...
[ECHO_ADV_113$2010] BSI Hotel Booking System Admin Login Bypass Vulnerability
ECHO_ADV_113$2010 BSI Hotel Booking System Admin Login Bypass Vulnerability. Author : K-159 Date : September, 22th 2010...
BSI Hotel Booking System Admin 1.42.0 - Authentication Bypass
BSI Hotel Booking System Admin 1.42.0 - Authentication Bypass. ECHO_ADV_113$2010 BSI Hotel Booking System Admin Login Bypass Vulnerability...
Samba Update Patches Serious Security Hole
Existing versions of Samba contain a serious security hole. Experts say: upgrade now. The Samba Team has published a software update to patch a stack overflow vulnerability that could allow attackers to push malicious code to vulnerable systems. The update, Version 3.5.5 was released on Tuesday a...
LiteSpeed Web Server Source Code Information Disclosure
The installed version of the LiteSpeed web server software on the remote host returns the source of scripts hosted on it when a NULL byte and '.txt' is appended to the request URL. A remote attacker may be able to leverage this issue to view a file on the web server's source code and possibly...
Xerver 4.32 Source Disclosure and HTTP Authentication Bypass
No description provided by source. Exploit Title: Xerver Source Disclosure and HTTP Auth Bypass Date: 01 Aug 2010 Author: Ben Schmidt aka supernothing Software: http://www.javascript.nu/xerver/ Version: 4.32 and prior Tested on: Windows XP SP3 CVE: N/A This file is derived from part of the...