5314 matches found
plumeCMS113.txt
The original article can be found at: http://www.hamid.ir/security/ http://www.IHSteam.com Vulnerable Systems: Plume CMS 1.1.3 Vulnerable Code : path/plume-1.1.3/plume/manager/tools/link/dbinstall.php //Vulnerable Code :line 39 requireonce $PXconfig'managerpath'.'/inc/class.checklist.php';...
StudIP1302.txt
/------------------------------------------------ IHS Public advisory -------------------------------------------------/ Stud.IP Remote File Inclusion Stud.IP is a learning and an information management system for universities, educational facilities and enterprises. http://www.studip.de...
Plume CMS 1.1.3 - dbinstall.php Remote File Inclusion
Plume CMS 1.1.3 - dbinstall.php Remote File Inclusion /------------------------------------------------ IHS Public advisory -------------------------------------------------/ Plume CMS Remote File Inclusion It uses PHP and MySql. With a single installation of Plume you can have multiple websites,...
Plume CMS 1.1.3 (dbinstall.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ================================================================= Plume CMS 1.1.3 dbinstall.php Remote File Include Vulnerability =================================================================...
Plume CMS 1.1.3 (dbinstall.php) Remote File Include Vulnerability
No description provided by source. /------------------------------------------------ IHS Public advisory -------------------------------------------------/ Plume CMS Remote File Inclusion It uses PHP and MySql. With a single installation of Plume you can have multiple websites, file management,...
Plume CMS 1.1.3 - 'dbinstall.php' Remote File Inclusion
/------------------------------------------------ IHS Public advisory -------------------------------------------------/ Plume CMS Remote File Inclusion It uses PHP and MySql. With a single installation of Plume you can have multiple websites, file management, multiple authors with different righ...
Stud.IP <= 1.3.0-2 Multiple Remote File Include Vulnerabilities
No description provided by source. /------------------------------------------------ IHS Public advisory -------------------------------------------------/ Stud.IP Remote File Inclusion Stud.IP is a learning and an information management system for universities, educational facilities and...
Stud.IP 1.3.0-2 - Multiple Remote File Inclusions
/------------------------------------------------ IHS Public advisory -------------------------------------------------/ Stud.IP Remote File Inclusion Stud.IP is a learning and an information management system for universities, educational facilities and enterprises. http://www.studip.de...
CVE-2006-3231
Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters."...
[SA20436] PyBlosxom Contributed Packages Cross-Site Scripting Vulnerability
---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerabilit...
ishopcart-cgi-bof.c.txt
Vendor: ishopcart inc Vendor Site: ishopcart.com Vendor Status: notified via telephone While spending a night auditing I have found 2 buffer overflows and 1 directory traversal in the ishopcart cgi, which is written in C. The directory traversal is caused by how the cgi chooses to show pages. If,...
Code injection
Jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations...
CVE-2006-2759
Jetty 6.0.x (jetty6) beta16 has an information-disclosure vulnerability: remote attackers can read the source of JSP files by using a capital P in the .jsp extension (and likely other mixed-case variants). The issue is confirmed across multiple sources (NVD, SUSE, GHSA, OSV, Veracode, PRION, CVE ...
Design/Logic Flaw
The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files...
CVE-2006-2309
The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files...
Multiple eserv IMAP mail server and web server vulnerabilities
IMAP server directory traversal, HTTP scripts source code disclosure...
DGNews v 1.5 File Upload Vuln.
DGNews v 1.5 File Upload Vuln. Vuln. discovered by : r0t Date: 29 may 2006 vendor:www.diangemilang.com/dgscripts.php affected versions:v 1.5 and prior original advisory: http://pridels.blogspot.com/2006/05/dgnews-v-15-file-upload-vuln.html Vuln. Description: It is possible to upload arbitrary file...
"Vulnerability exploits" is compiled out of the-vulnerability warning-the black bar safety net
Step 2. Choose the installation source for the desired program. There are 3 ways: "Install from Internet" directly downloads the desired program and installs it immediately; "Download from Internet" only downloads the required program and does not install it; "Install from Local...
[MajorSecurity #6]Socketmail <= 2.2.6 - Remote File Include Vulnerability
MajorSecurity Socketmail <= 2.2.6 - Remote File Include Vulnerability -------------------------------------------------------- Software: Socketmail Version: <=2.2.6 Type: Remote File Include Vulnerability Date: May, 25th 2006 Vendor: Creative Digital Resources Page: http://socketmail.com Risk: High...