5 matches found
EUVD-2006-4624
Malware in sbrugna...
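SZEWO PhpCommander Download.PHP Local File Inclusion Vulnerability
SZEWO PhpCommander is a PHP-based web application. SZEWO PhpCommander does not properly filter user-supplied URI data; remote attackers can exploit the vulnerability to view system file contents with the privileges of the web process. The issue is caused by the 'Download.PHP' script lacking filtering of user-supplied web parameters; submitting parameter data containing multiple "../" sequences bypasses the web root restriction and allows system file contents to be viewed with the privileges of the web process. SZEWO PhpCommander 3.0 http://www.szewo.com/php/commander/eng/ !/usr/bin/php -q -d shortopentag=on $devilteam...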
CVE-2006-4636
Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contai...
CVE-2006-4636
The CVE-2006-4636 entry concerns a directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier. An attacker can use the Directory parameter to include and execute arbitrary local files, demonstrated by values that target Apache log files containing PHP code. Affected product: SZEWO Ph...
CVE-2006-4636
Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contai...