
5314 matches found

0day.today
added 2007/03/09 12:0 a.m., 21 views

PHP 4.4.6 cpdf_open() Local Source Code Disclosure PoC

Exploit for multiple platform in category local exploits ======================================================= PHP 4.4.6 cpdf_open Local Source Code Disclosure PoC ======================================================= ?php / PHP 4.4.6 cpdf_open source code disclosure poc by rgod site:...

6.9 AI score
Exploits 0
Packet Storm
added 2007/03/08 12:0 a.m., 24 views

wp-compromise.txt

While assessing the security of WordPress, a popular blog creation software, I have discovered that its source code has recently been compromised by a third party in order to enable remote command execution on the machines running affected versions. The compromised files are wp-includes/feed.php...

7.4 AI score
Exploits 0
securityvulns
added 2007/03/03 12:0 a.m., 29 views

WordPress source code compromised to enable remote code execution

While assessing the security of WordPress, a popular blog creation software, I have discovered that its source code has recently been compromised by a third party in order to enable remote command execution on the machines running affected versions. The compromised files are wp-includes/feed.php...

1.6 AI score
Exploits 0
Tenable Nessus
added 2007/02/18 12:0 a.m., 9 views

SUSE-SA:2006:044: libtiff

The remote host is missing the patch for the advisory SUSE-SA:2006:044 libtiff. This update of libtiff is the result of a source-code audit done by Tavis Ormandy, Google Security Team. It fixes various bugs that can lead to denial-of-service conditions as well as to remote code execution while...

6 AI score
Exploits 0
myhack58
added 2007/02/11 12:0 a.m., 16 views

With ASP Trojan FTP and decompression-vulnerability warning-the black bar safety net

In broilers placed on the website,the most troublesome is probably the update and upload a lot of files, Terminal Services broad daylight easy to be found,open your own ftp and not assured. Your own online in a circle is found by combining the non-component upload asp Trojan can be easily achieve...

7.5 AI score
Exploits 0
myhack58
added 2007/02/11 12:0 a.m., 26 views

With ASP Trojan FTP and decompression-vulnerability warning-the black bar safety net

In broilers placed on the website,the most troublesome is probably the update and upload a lot of files, Terminal Services broad daylight easy to be found,open your own ftp and not assured. Your own online in a circle is found by combining the non-component upload asp Trojan can be easily achieve...

7.5 AI score
Exploits 0
xssed
added 2007/02/10 12:0 a.m., 11 views

Unfixed XSS vulnerability at www.planet-source-code.com

Security researcher iNs uNkn0wn.eu CreW, has submitted on 02/10/2007 a cross-site-scripting XSS vulnerability affecting www.planet-source-code.com, which at the time of submission ranked 16329 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...

6.6 AI score
Exploits 0, References 1
myhack58
added 2007/02/01 12:0 a.m., 10 views

WEB vulnerabilities mining techniques-vulnerability warning-the black bar safety net

Source: security focus Author: 7all sgh81at163.com WEB vulnerability Mining Technology 7all7all7at163. com...

8.7 AI score
Exploits 0
Prion
added 2007/01/30 5:28 p.m., 7 views

Directory traversal

include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct...

9.3 CVSS, 7 AI score, 0.1119 EPSS
Exploits 0, References 7, Affected Software 1
NVD
added 2007/01/30 5:28 p.m., 9 views

CVE-2007-0585

include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct...

9.3 CVSS, 6.8 AI score, 0.1119 EPSS
Exploits 0, References 7
CVE
added 2007/01/30 5:0 p.m., 40 views

CVE-2007-0585

CVE-2007-0585 concerns Webfwlog before 0.92: when register_globals is on, remote attackers can request conffile parameters via include/debug.php to obtain source code of files, with potential directory traversal implications. The connected documents corroborate the description but do not provide ...

9.3 CVSS, 6.8 AI score, 0.1119 EPSS
Exploits 0, References 7, Affected Software 1
EUVD
added 2007/01/30 5:0 p.m., 1 views

EUVD-2007-0583

include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct...

9.3 CVSS, 6.7 AI score, 0.1119 EPSS
Exploits 0, References 8
Cvelist
added 2007/01/30 5:0 p.m., 14 views

CVE-2007-0585

include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct...

6.8 AI score, 0.1119 EPSS
Exploits 0, References 7
myhack58
added 2007/01/28 12:0 a.m., 1506 views

New MS07004 web Trojan source code-bug warning-the black bar safety net

html xmlns:v="urn:schemas-microsoft-com:vml" head object id="VMLRender" classid="CLSID:10072CEC-8CC1-11D1-986E-00A0C955B42E" /object style v: behavior: urlVMLRender; /style /head body SCRIPT language="javascript" setTimeout"document. location. reloadfalse",2 0 0 0; shellcode...

0.6 AI score
Exploits 0
securityvulns
added 2007/01/24 12:0 a.m., 41 views

[SA23865] Enthusiast Cross-Site Scripting and SQL Injection

TITLE: Enthusiast Cross-Site Scripting and SQL Injection SECUNIA ADVISORY ID: SA23865 VERIFY ADVISORY: http://secunia.com/advisories/23865/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: Enthusiast 3.x http://secunia.com/product/13303...

0.5 AI score
Exploits 0
securityvulns
added 2007/01/20 12:0 a.m., 73 views

[x0n3-h4ck] sabros.us 1.7 XSS Exploit

-=--------------------ADVISORY-------------------=- sabros.us 1.7 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: sabros.us -=+ Version: 1.7 -=+ Vendor's URL: http://sourceforge.net/projects/sabrosus/ -=+ Platform: WindowsLinuxUnix -=+ Bug...

0.5 AI score
Exploits 0
seebug.org
added 2007/01/18 12:0 a.m., 70 views

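GnuPG contains multiple security vulnerabilities

GnuPG is an open-source PGP encryption, decryption and signing tool. GnuPG has multiple unspecified security issues that remote attackers may be able to exploit to execute arbitrary commands with the privileges of the application process. These are only potential issues, as they were identified when, following a code audit, additional checks and other source-code fixes were added to the code. According to the report, code execution may result from integer overflow and buffer overflow errors. GNU Privacy Guard 1.4.6 No solution is currently available: http://www.gnupg.org/...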

7.1 AI score
Exploits 0
Tenable Nessus
added 2007/01/17 12:0 a.m., 27 views

Fedora Core 6 : mono-1.1.17.1-4.fc6 (2007-067)

A security problem was found and fixed in mono class libraries that affects the Mono web server implementation. By appending spaces to URLs attackers could download the source code of ASP.net scripts that would normally get executed by the web server. After upgrading the packages you need to...

5 CVSS, 5.3 AI score, 0.15016 EPSS
Exploits 1, References 2
securityvulns
added 2007/01/15 12:0 a.m., 41 views

[Full-disclosure] gnupg diff available

Hi! I did a gnupg audit recently. I was, frankly, appalled by the code quality. It is a desert of pointer manipulation, string copying, memcpy and strcpy are used all over the place, and sprintf, too. You can find my diff at http://dl.fefe.de/gnupg.dif Please note that a I might have missed...

7.2 AI score
Exploits 0
securityvulns
added 2007/01/10 12:0 a.m., 81 views

iDefense Security Advisory 01.09.07: Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability

Adobe Macromedia ColdFusion Source Code Disclosure Vulnerability iDefense Security Advisory 01.09.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 09, 2007 I. BACKGROUND Adobe Macromedia ColdFusion is an application server and development framework for websites. More information is...

5 CVSS, 0.2 AI score, 0.07061 EPSS
Exploits 0