Barracuda Networks Spam & Virus Firewall <= 4.1.1.021 Remote Configuration Retrieval

No description provided by source. !/bin/bash Exploit by ShadowHatesYou [email protected] The resulting output is an SQL dump containing the Barracuda's configuration, which includes goodies such as: The administrative password for the BSFsystempassword MTA LDAP passwordsmtaldapadvancedpasswor...

openSUSE Security Update : phpMyAdmin (openSUSE-SU-2013:1065-1)

This update of phpMyAdmin fixes several security issues. - update to 3.5.8.1 2013-04-24 - security Remote code execution pregreplace, reported by Janek Vind see PMASA-2013-2 - security Locally Saved SQL Dump File Multiple File Extension Remote Code Execution, reported by Janek Vind see PMASA-2013...

Fedora 17 : phpMyAdmin-3.5.8.1-1.fc17 (2013-7000)

phpMyAdmin 3.5.8.1 2013-04-24 =============================== - security Remote code execution pregreplace, reported by Janek Vind see PMASA-2013-2 - security Locally Saved SQL Dump File Multiple File Extension Remote Code Execution, reported by Janek Vind see PMASA-2013-3 Note that Tenable Netwo...

Fedora 18 : phpMyAdmin-3.5.8.1-1.fc18 (2013-6977)

phpMyAdmin 3.5.8.1 2013-04-24 =============================== - security Remote code execution pregreplace, reported by Janek Vind see PMASA-2013-2 - security Locally Saved SQL Dump File Multiple File Extension Remote Code Execution, reported by Janek Vind see PMASA-2013-3 Note that Tenable Netwo...

Fedora 19 : phpMyAdmin-3.5.8.1-1.fc19 (2013-6928)

phpMyAdmin 3.5.8.1 2013-04-24 =============================== - security Remote code execution pregreplace, reported by Janek Vind see PMASA-2013-2 - security Locally Saved SQL Dump File Multiple File Extension Remote Code Execution, reported by Janek Vind see PMASA-2013-3 Note that Tenable Netwo...

Locally Saved SQL Dump File Multiple File Extension Remote Code Execution.

PMASA-2013-3 Announcement-ID: PMASA-2013-3 Date: 2013-04-24 Summary Locally Saved SQL Dump File Multiple File Extension Remote Code Execution. Description phpMyAdmin can be configured to save an export file on the web server, via its SaveDir directive. With this in place, it's possible, either vi...

SQL Dump Files Disclosed via Web Server

The remote web server hosts publicly available files that contain SQL instructions. These files are most likely database dumps and may contain sensitive information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Barracuda Networks Spam And Virus Firewall Configuration Retrieval

!/bin/bash Exploit by ShadowHatesYou [email protected] The resulting output is an SQL dump containing the Barracuda's configuration, which includes goodies such as: The administrative password for the BSFsystempassword MTA LDAP passwordsmtaldapadvancedpassword Password for each configured...

Barracuda Networks Spam & Virus Firewall <= 4.1.1.021 Configuration

Exploit for cgi platform in category remote exploits =================================================================== Barracuda Networks Spam & Virus Firewall " echo "" exit; fi; curl http://$1:8000/cgi-mod/viewhelp.cgi?locale=/../../../../../../../mail/snapshot/config.snapshot%00 $1.config ls...

Barracuda Networks Spam &amp; Virus Firewall 4.1.1.021 - Remote Configuration Retrieval

!/bin/bash Exploit by ShadowHatesYou [email protected] The resulting output is an SQL dump containing the Barracuda's configuration, which includes goodies such as: The administrative password for the BSFsystempassword MTA LDAP passwordsmtaldapadvancedpassword Password for each configured...

Barracuda Networks Spam Virus Firewall 4.1.1.021 - Remote Configuration Retrieval

Barracuda Networks Spam Virus Firewall 4.1.1.021 - Remote Configuration Retrieval !/bin/bash Exploit by ShadowHatesYou [email protected] The resulting output is an SQL dump containing the Barracuda's configuration, which includes goodies such as: The administrative password for the...

Engeman 6.x.x SQL Injection

Engeman is a Brasilian software for maintenance control. Version tested: 6.x.x and prior. Next versions appears vulnerable too. The attacker can inject sql codes in username textbox: SQL dump affter injection: select nome,senha,diasexp,dataltsen,permitetroca from cfgusr where nome='NULL' OR NOME'...

CVE-2006-6253

Cahier de texte 2.0 stores sensitive information under the web root, possibly with insufficient access control, which might allow remote attackers to obtain all users' passwords via a direct request for administration/dump.sql...