iOS iFileExplorer Free - Directory Traversal

iOS iFileExplorer Free - Directory Traversal Exploit Title: iPod Touch/iPhone iFileExplorer Free Directory Traversal Date: 04/03/2011 UK date format Author: theSmallNothing Software Link: http://itunes.apple.com/gb/app/ifileexplorer-protect-multi/id355253462?mt=8 Version: 2.8 Tested on: iPod Touc...

Hack Record Book

Записная книга для хранения и обработки найденных на сайтах уязвимостей. Можно сохранить: + Ссылку. + Описание уязвимости. + ТИЦ, PR можно узнать автоматически. + Alexa rate. + Google indexed|not filtered pages count. + Дату и время записи. + Рейтинг уязвимости. + Ваши личные заметки по данному...

Fedora 14 : proftpd-1.3.3c-1.fc14 (2010-17091)

This is an update to the current upstream maintenance release, which addresses two security issues that can be exploited by malicious users to manipulate certain data and compromise a vulnerable system. - A logic error in the code for processing user input containing the Telnet IAC Interpret As...

Fedora 13 : proftpd-1.3.3c-1.fc13 (2010-17098)

This is an update to the current upstream maintenance release, which addresses two security issues that can be exploited by malicious users to manipulate certain data and compromise a vulnerable system. - A logic error in the code for processing user input containing the Telnet IAC Interpret As...

openSUSE Security Update : dovecot12 (openSUSE-SU-2010:0923-1)

dovecot granted admin rights to all owner mailboxes CVE-2010-3706. When using multiple ACL entries for mailboxes the most specific one was not always applied CVE-2010-3707. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

openSUSE Security Update : dovecot12 (openSUSE-SU-2010:0636-1)

When using Maildir all ACLs on INBOX were copied to newly created mailboxes although only default ACLs should have been copied CVE-2010-3304. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

PHP 5.2 < 5.2.14 Multiple Vulnerabilities

According to its banner, the version of PHP 5.2 installed on the remote host is older than 5.2.14. Such versions may be affected by several security issues : - An error exists when processing invalid XML-RPC requests that can lead to a NULL pointer dereference. bug 51288 CVE-2010-0397 - An error...

PHP < 5.2.14 / 5.3.x < 5.3.3 Multiple Vulnerabilities

Binary data 5616.prm...

CMSQLite CMySQLite 1.3 - Cross-Site Request Forgery

CMSQLite CMySQLite 1.3 - Cross-Site Request Forgery Title: CMSQlite & CMySQLite CSRF Vulnerability Author: ADEO Security Published: 28/06/2010 Version: v1.3 = Vendor: http://www.cmsqlite.net Description: "CMSQLite is a small, fast, flexible and complete Content-Management-System CMS. It's perfect...

CMSQlite & CMySQLite CSRF Vulnerability

Exploit for php platform in category web applications ======================================= CMSQlite & CMySQLite CSRF Vulnerability ======================================= Title: CMSQlite & CMySQLite CSRF Vulnerability Author: ADEO Security Published: 28/06/2010 Version: v1.3 = Vendor:...

RSA Key Manager SQL injection Vulnerability &#40; CVE-2010-1904 &#41;

Product: RSA Key Manager Vendor: EMC/RSA Vulnerable Component: Key Manager Client Vulnerable Component Version: 1.5.x Vulnerability Type: SQL injection Vendor Contact Date: 4/20/2010 Status: Vendor does not want to fix the vulnerability. Vulnerability Details: RSA Key Manager Client software uses...

RSA Key Manager version 1.5.x SQL Injection Vulnerability

Exploit for php platform in category web applications ========================================================= RSA Key Manager version 1.5.x SQL Injection Vulnerability ========================================================= CVE: CVE-2010-1904 Product: RSA Key Manager Vendor: EMC/RSA Vulnerabl...

RSA Key Manager 1.5.x SQL Injection

CVE: CVE-2010-1904 Product: RSA Key Manager Vendor: EMC/RSA Vulnerable Component: Key Manager Client Vulnerable Component Version: 1.5.x Vulnerability Type: SQL injection Vendor Contact Date: 4/20/2010 Status: Vendor does not want to fix the vulnerability. Vulnerability Details: RSA Key Manager...

Bitrac personal blog system upload vulnerability-vulnerability warning-the black bar safety net

Bitrac the official version, Bitrac is based on ASP.NET 2.0 + SQLite for single-user blogging application, built-in URLRewrite and page compression, supports the MetaWeblogAPI, the self-write the HTML template engine, easy to modify style, full visual editing environment. The current vendors have...

CMSQLite &lt;= 1.2 mod参数本地文件包含漏洞

CMSQLite是基于PHP和SQLite的内容管理系统。 CMSQlite的index.php页面存在本地文件包含漏洞： / SET MODULE / ifisset$GET'mod' $module=$GET'mod'; else $module="index"; ... iffileexists"template/".$module.".php" include "template/".$module.".php"; else include "template/index.php"; 通过更改mod URL参数就可以包含webserver上的任意文件，导致泄漏敏感信息。...

Bitrac 1.25.0.2500个人博客系统上传漏洞

Bitrac 正式版本，Bitrac 是基于 ASP.NET 2.0 + SQLite 的单用户博客程序，内置 URLRewrite 和页面压缩功能，支持 MetaWeblogAPI，自写的 HTML 模板引擎，方便修改风格，完全的可视化编辑环境。 首先说一下Bitrac在线升级顺序。 在后台请求 升级 Control.ashx Automat string sCode = SiteFun.RandomStr9; AdmStat.SetLockFilesCode; 在网站Errors目录随机生成一个.lock 文件,同时文件名记录在 Autoset.Cookie + "Lock"...

CMSQLite <= 1.2 c参数SQL注入漏洞

CMSQLite是基于PHP和SQLite的内容管理系统。 CMSQlite的index.php页面存在SQL注入漏洞： ifisset$GET'c' $contentId=$GET'c'; else if $seourl $arrArticleInfo = $SYSTEM-resolveURL$SERVER'REQUESTURI', $langId; ifempty$arrArticleInfo $contentId=1; else $contentId = $arrArticleInfo0'articleId'; $module = $arrArticleInfo0'module';...

PHP 5.2.x < 5.2.14, 5.3.x < 5.3.3 Multiple RCE Vulnerabilities

PHP is prone to multiple remote code execution RCE vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php";...

CVE-2010-1868

The 1 sqlitesinglequery and 2 sqlitearrayquery functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory...

Code injection

The 1 sqlitesinglequery and 2 sqlitearrayquery functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory...