5314 matches found
Bitweaver R2 CMS - Arbitrary File Upload / Disclosure
WwW.BugReport.ir AmnPardaz Security Research Team Title: Bitweaver R2 CMS Vendor: http://www.bitweaver.org Bugs: source code disclosure, arbitrary file upload Vulnerable Version: 2 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! - Description: Bitweaver is...
Linux Kernel 2.6.22 - IPv6 Hop-By-Hop Header Remote Denial of Service
/ source: https://www.securityfocus.com/bid/26943/info The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to adequately validate specially crafted IPv6 'Hop-By-Hop' headers. Attackers can exploit this issue to cause a kernel panic, denying service to legitimate...
smbfs and apache+php source code disclosure
Because of different filename handling in Posix and Windows there is an issue with resolving filenames with a backslash "" character appended on a windows share. Consider you have a windows share mounted on a linux box with a php script on it - let's say info.php. Executing find info.php and find...
SquirrelMail未授权源代码修改包被入侵漏洞
BUGTRAQ ID: 26879 CNCAN ID:CNCAN-2007121804 SquirrelMail是一款流行的开放源代码的WEB MAIl程序。 SquirrelMail供应商报告源代码被入侵修改,存在很大的安全隐患,使用此不安全代码可导致以WEB权限执行任意指令。 目前没有详细漏洞细节提供。 SquirrelMail SquirrelMail 1.4.12 SquirrelMail SquirrelMail 1.4.11 升级程序: SquirrelMail SquirrelMail 1.4.11 SquirrelMail squirrelmail-1.4.13.tar....
MS Windows Plug-and-Play (Umpnpmgr.dll) DoS Exploit (MS05-047)
No description provided by source. include stdio.h include windows.h pragma commentlib, "mpr" pragma commentlib, "Rpcrt4" unsigned char szBindString = 0x05,0x00,0x0b,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x01,0x00,0x00,0x00,...
SuSE 10 Security Update : Mono (ZYPP Patch Number 2377)
By appending spaces to URLs and attackers could download the source code of scripts that normally get executed by the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
CVE-2007-6314
BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a 1 + plus, 2 . dot, or 3 %80 and similar characters to the file name in the URL...
Code injection
BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a 1 + plus, 2 . dot, or 3 %80 and similar characters to the file name in the URL...
CVE-2007-6314
BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a 1 + plus, 2 . dot, or 3 %80 and similar characters to the file name in the URL...
exoops-sql.txt
E-xoops multiple variable/scripts SQL injection vendor url: http://www.e-xoops.com Advisore: http://lostmon.blogspot.com/2007/12/ e-xoops-multiple-variablescripts-sql.html vendor notify:NO exploits available: YES E-xoops is content-community management system written in PHP-MySQL. E-xoops contain...
Simple HTTPD multiple security vulnerabilities
Directory traversal, script source code access...
CVE-2007-5901
Use-after-free vulnerability in the gssindicatemechs function in lib/gssapi/mechglue/ginitialize.c in MIT Kerberos 5 krb5 has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code...
Joomla! Mambo Component rsgallery 2.0b5 - catid SQL Injection
Joomla! Mambo Component rsgallery 2.0b5 - catid SQL Injection \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV86$2007 ----------------------------------------------------------------------------------------- ECHOADV86$2007 Mambo/Joomla Component rsgallery =...
CVE-2007-5901
Use-after-free vulnerability in the gssindicatemechs function in lib/gssapi/mechglue/ginitialize.c in MIT Kerberos 5 krb5 has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code...
An almost perfect crack zend encryption software-bug warning-the black bar safety net
pediy An almost perfect crack zend encryption software 用法 在 commands.txt file inside, 例如 php.exe -c c:\php4 test.php /tab /indent:1 It can be a test. php perfect decompile into source code. php4. x to php5,x. download:...
Ubuntu 6.06 LTS / 6.10 : mono vulnerability (USN-397-1)
Jose Ramon Palanco discovered that the mono System.Web class did not consistently verify local file paths. As a result, the source code for mono web applications could be retrieved remotely, possibly leading to further compromise via the application's source. Note that Tenable Network Security ha...
syndeocms-rfi.txt
-------------------------------------------- = = = Mdx c 2007 = = http://www.by-mdx.com = -------------------------------------------- = = =syndeoCMS 2.5.01 cmsdir Remote File Include = = ============================================ = = Download: = = http://sourceforge.net/projects/syndeocms =...
CVE-2002-2413
WebSite Pro 3.1.11.0 on Windows is affected by CVE-2002-2413, where a remote attacker can read script source code for files with extensions longer than 3 characters by requesting a URL that uses the equivalent 8.3 file name. The vulnerability is described in multiple sources (RH and NVD entries) ...
CVE-2007-5654
LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."...
Design/Logic Flaw
LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection."...