463 matches found
WFTPD 2.4.1RC11 REST Command Malformed File Write DoS
source: http://www.securityfocus.com/bid/1506/info WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities. (1) Issuing a STAT command while a LIST is in progress will cause the ftp server to crash. (2) If the REST command is used to write past the...
WFTPD 2.4.1RC11 STAT/LIST Command DoS
source: http://www.securityfocus.com/bid/1506/info WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities. (1) Issuing a STAT command while a LIST is in progress will cause the ftp server to crash. (2) If the REST command is used to write past the...
Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
source: http://www.securityfocus.com/bid/1284/info Apache HTTP Server 1.3.x win32 allows people to get a directory listing of a directory, if it is enabled in the config, even if an index file is present that would normally be displayed instead. This can be...
Xorg 1.4 to 1.11.2 File Permission Change PoC
xchmod.c -- Xorg file permission change vulnerability PoC Author: vladz http://vladz.devzero.fr Date: 2011/12/15 Software: www.x.org Version: Xorg 1.4 to 1.11.2 in all configurations. Xorg 1.3 and earlier if built with the USECHMOD preprocessor identifier Test...
Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
source: http://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementatio...
ProFTPD 1.2.x STAT Command Denial of Service Vulnerability
source: http://www.securityfocus.com/bid/6341/info A denial of service vulnerability has been reported for ProFTPD. It is possible to cause ProFTPD to stop responding to legitimate requests for service by issuing specially crafted STAT commands. This will result in...
CVE-2013-6936
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter...
SQL injection
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter...
CVE-2013-6936
CVE-2013-6936 describes multiple SQL injection vulnerabilities in the Ajaxfs plugin (MyBB), specifically in ajaxfs.php via the tooltip and usertooltip parameters in the Ajax forum stat plugin 2.0. Remote attackers could execute arbitrary SQL commands. OpenVAS notes a WillNotFix remediation.
CVE-2013-6936
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter...
coreutils security, bug fix, and enhancement update
8.4-31.0.1 - clean up empty file if cp is failed (Orabug 15973168); 8.4-31 - adjust the fix for the du bindmounts failure (836557); Mon Oct 07 2013 Ondrej Oprala - Fix su retvals once again; 8.4-29 - CVE-2013-0221 CVE-2013-0223 CVE-2013-0222 - fix various segmentation faults in sort, uniq and join (1015019)...
Debian DSA-2795-2 : lighttpd - several vulnerabilities
Several vulnerabilities have been discovered in the lighttpd web server. It was discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate...
[SECURITY] [DSA 2795-1] lighttpd security update
Debian Security Advisory DSA-2795-1 http://www.debian.org/security/ Michael Gilbert November 13, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2795-2 (lighttpd - several vulnerabilities)
Several vulnerabilities have been discovered in the lighttpd web server. It was discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate...
[SECURITY] [DSA 2795-1] lighttpd security update
Debian Security Advisory DSA-2795-1 http://www.debian.org/security/ Michael Gilbert November 13, 2013 http://www.debian.org/security/faq -...
DSA-2795-1 lighttpd - several
Bulletin has no description...
[SECURITY] Fedora 19 Update: nodejs-fstream-0.1.23-1.fc19
Provides advanced file system stream objects for Node.js. These objects are like FS streams, but with stat on them, and support directories and symbolic links, as well as normal files. Also, you can use them to set the stats on a file, even if you don't change its contents, or to create a symlink...
Setuid Nmap Exploit
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...
WordPress Track That Stat 1.0.8 Cross Site Scripting
Hi, we have used our tool, THAPS, to identify vulnerabilities in this WordPress plugin. We have confirmed at least one of the reported vulnerabilities and created a working exploit located below. Attached is one or more log files containing the output of our tool, identifying the location of the...
WordPress Plugin Track That Stat 1.0.8 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/53551/info The Track That Stat plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this iss...