5 matches found
CSRF vulnerability exists in Aisooki enterprise website builder system V2.1
Aisok universal enterprise building system cicms is an enterprise website management system developed with PHP + MySQL. A CSRF vulnerability exists in Aisooker General Enterprise Website Builder System V2.1. An attacker can exploit this vulnerability to forge form links and trick...
unzip directory traversal revisited
unzip directory traversal revisited. Problem: well, I kinda stumbled over this when I was looking for something else. A while back some fuss was made over the use of .. sequences in archives because it allows you to craft an archive which will trojan your system on extraction. The creators of unzip...
PT-2001-2370 · Microsoft · Windows 2000
Name of the Vulnerable Software and Affected Versions: Windows 2000. Description: The issue concerns the Task Manager in Windows 2000, which does not allow local users to end certain processes via the Process tab. Specifically, processes with uppercase letters in their names, such as winlogon.exe,...
Microsoft Windows SMB Registry : Key Permissions Path Subversion Local Privilege Escalation
Some SYSTEM registry keys can be written by non-administrators. These keys contain paths to common programs and DLLs. If a user can change a path, then he may put a trojan program into another location, say C:/temp, and point to it. (C) Tenable Network Security, Inc. include("compat.inc"); if (descriptio...
Finger Backdoor Detection
The remote finger daemon seems to be a backdoor, as it seems to react to the request "cmdrootsh@target". If a root shell has been installed as /tmp/.sh, then this finger daemon is definitely a trojan, and this system has been compromised. (C) Tenable Network Security, Inc. include("compat.inc"); if...