5327 matches found
Kerio WinRoute Firewall Web Server < 6 - Source Code Disclosure
Exploit Title: Kerio WinRoute Firewall Embedded Web ServerVersion: Source Code Disclosure Google Dork: Date: 10.05.2012 Author: Eugene Salov, Andrey Komarov Group-IB, http://group-ib.ru Software Link: http://winroute.ru/keriowinroutefirewall.htm Version: prior to 6 Tested on: Microsoft Windows CV...
MegaFileManager 1.0 LFI
File disclosure vulnerability in MegaFileManager cimages.php Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
http-vuln-cve2012-1823 NSE Script
Detects PHP-CGI installations that are vulnerable to CVE-2012-1823. This critical vulnerability allows attackers to retrieve source code and execute code remotely. The script works by appending "?-s" to the URI to make vulnerable php-cgi handlers return colour syntax highlighted source. We use th...
PHP < 5.3.13, 5.4.x < 5.4.3 Multiple Vulnerabilities - Active Check
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.103482"...
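PHP-CGI Remote Arbitrary Code Execution Vulnerability
CVE ID: CVE-2012-1823 PHP is an HTML-embedded language. PHP is quite similar to Microsoft's ASP: both are scripting languages that are embedded in HTML documents and executed on the server side. Its style resembles that of C, and it is now widely used by many website developers. It can be invoked by various web servers in several ways to provide dynamic web pages. PHP has a vulnerability in how it handles parameter passing: under specific configurations, a remote attacker may exploit it to obtain script source code or execute arbitrary commands on the server. When PHP is invoked in a particular CGI manner (for example, Apache's mod_cgid), php-cgi receives the processed query-format string as command-line arguments, which allows command-line switches (for example -s, -d...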
PHP 'php-cgi' Information Disclosure Vulnerability
Description PHP is prone to an information-disclosure vulnerability. Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected...
PHP-CGI query string parameter vulnerability
Overview PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. Description According to PHP's website, "PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML." When PHP is use...
eFront 3.6.9 LFI
Local file include vulnerability in eFront js/scripts.php Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...
WHMCS 4.2 File Disclosure
Local file disclosure vulnerability in WHMCS cart.php Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
CMS Made Simple 1.4.1 LFI
Local file include vulnerability in CMS Made Simple cmslanguage cookie parameter Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...
Novell GroupWise 8 WebAccess File Disclosure
File disclosure vulnerability in Novell GroupWise WebAccess Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
Exponent CMS 2.0.2 LFI
Local file include vulnerability in Exponent CMS module parameter Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...
MODx Revolution 2.0.2-pl LFI
Local file include vulnerability in MODx classkey parameter Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...
Permanent Reverse TCP Backdoor for IPhone and IPad
Security Expert from Coresec explains the use of a Permanent Reverse TCP Backdoor "sbd-1.36" for IPhone and IPad developed by Michel Blomgren. sbd is a Netcat-clone, designed to be portable and offer strong encryption. It runs on Unix-like operating systems and on Microsoft Win32. sbd features...
VMWare Source Code leaked by Anonymous Hackers
VMware on Tuesday announced that a single file from its ESX server hypervisor source code has been posted online, and it held out the possibility that more proprietary files could be leaked in the future. "The fact that the source code may have been publicly shared does not necessarily mean that...
E-Mail, Source Code From VMWare Bubbles Up From Compromised Chinese Firm
In what looks like the IT equivalent of the Deepwater Horizon oil spill disaster, purloined data and documents, including source code belonging to the U.S. software firm VMWare, continue to bubble up from the networks of a variety of compromised Chinese firms, according to “Hardcore Charlie,” an...
Newscoop RFI
type a short description of the vulnerability here Vulnerability Type: Remote File Include For the exploit source code contact DSquare Security sales team...
[waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0
waraxe-2012-SA080 - Multiple Vulnerabilities in NextBBS 0.6.0 =============================================================================== Author: Janek Vind "waraxe" Date: 27. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-80.html Description of vulnerable software:...
Lenovo ThinkManagement Console 9.0.3 File Upload
File upload vulnerability in Lenovo ThinkManagement Console Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...
.svn directory without access restrictions: exploitation summary (including the fix) - vulnerability warning - the black bar safety net
The existing site uses .svn for version control in its production environment; however, the .svn directory has no access restrictions, so you can traverse the file and directory list through .svn/entries. To save effort, I wrote a PHP script http://rains.im/?q=node/18 to do...