1394 matches found
XOOPS Module Uploader 1.1 (filename) File Disclosure Vulnerability
Exploit for unknown platform in category web applications ================================================================== XOOPS Module Uploader 1.1 filename File Disclosure Vulnerability ================================================================== MMM MMM MMM MMM MMMMMMMMMMMMM MMMMMMMMM...
PhotoStockPlus Uploader Tool ActiveX控件栈溢出漏洞
BUGTRAQ ID: 29279 CVECAN ID: CVE-2008-0957 Photostockplus是加拿大一家在线出售各种图库的网站。 PhotoStockPlus所提供的Uploader Tool ActiveX控件(PSPUploader.ocx)在处理某些初始化参数时存在栈溢出漏洞。如果用户受骗访问了恶意站点的话,就可能触发这个溢出,导致执行任意代码。 PhotoStockPlus Uploader Tool ActiveX 临时解决方法: 为以下CLSID设置kill bit: E48BB416-C578-4A62-84C9-5E3389ABE5FC...
Stack overflow
Multiple stack-based buffer overflows in the PhotoStockPlus Uploader Tool ActiveX control PSPUploader.ocx allow remote attackers to execute arbitrary code via unspecified initialization parameters...
CVE-2008-0957
Multiple stack-based buffer overflows in the PhotoStockPlus Uploader Tool ActiveX control PSPUploader.ocx allow remote attackers to execute arbitrary code via unspecified initialization parameters...
PhotoStockPlus Uploader Tool ActiveX stack buffer overflows
Overview The PhotoStockPlus Uploader Tool ActiveX control contains several stack buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description PhotoStockPlus provides an image uploader ActiveX control, which is provided by the...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 keywords parameter to upload/admin/index.php in a search action, the 2 msgcharset and 3 msgheader9 parameters to admin/inc/header.php, and the 4 keywords...
CVE-2008-2202
Multiple cross-site scripting XSS vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 keywords parameter to upload/admin/index.php in a search action, the 2 msgcharset and 3 msgheader9 parameters to admin/inc/header.php, and the 4 keywords...
CVE-2008-2202
Multiple cross-site scripting XSS vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 keywords parameter to upload/admin/index.php in a search action, the 2 msgcharset and 3 msgheader9 parameters to admin/inc/header.php, and the 4 keywords...
CVE-2008-2202
Maian Uploader 4.0 is affected by multiple cross-site scripting (XSS) vulnerabilities. The issues allow remote attackers to inject arbitrary web script or HTML via: (1) the keywords parameter to upload/admin/index.php in a search action, (2) the msg_charset parameter to admin/inc/header.php, (3) ...
Maian Uploader v4.0 XSS Vulnerabilities
---------------------------------------------------------------- Script : Maian Uploader v4.0 Type : XSS Vulnerabilities ---------------------------------------------------------------- Discovered by : Khashayar Fereidani Or Dr.Crash Our Team : IRCRASH...
maianuploader-xss.txt
---------------------------------------------------------------- Script : Maian Uploader v4.0 Type : XSS Vulnerabilities ---------------------------------------------------------------- Discovered by : Khashayar Fereidani Or Dr.Crash Our Team : IRCRASH...
Maian Uploader 4.0 - keywords Cross-Site Scripting
Maian Uploader 4.0 - keywords Cross-Site Scripting source: https://www.securityfocus.com/bid/29051/info Maian Uploader is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary...
Maian Uploader 4.0 - index.php Cross-Site Scripting
Maian Uploader 4.0 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/29051/info Maian Uploader is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrar...
Maian Uploader 4.0 - header.php Cross-Site Scripting
Maian Uploader 4.0 - header.php Cross-Site Scripting source: https://www.securityfocus.com/bid/29051/info Maian Uploader is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitra...
Maian Uploader 4.0 - 'keywords' Cross-Site Scripting
source: https://www.securityfocus.com/bid/29051/info Maian Uploader is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user...
Maian Uploader 4.0 - 'header.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/29051/info Maian Uploader is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user...
Maian Uploader 4.0 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/29051/info Maian Uploader is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user...
zkup-upload.txt
!/usr/bin/php Date: 03-08-2008 Conditions: PHP Version, magicquotesgpc=Off This exploit spawn a php uploader in your victim's server. Okay, you may need explanations: First, we can use administration without being admin see ./admin/configuration/modifier.php Then, when we add an admin, it is save...
CVE-2003-1552
The CVE-2003-1552 entry affects Uploader 1.1, via an unrestricted file upload vulnerability in uploader.php. A remote attacker can upload a file with an executable extension and then access it in the uploads/ directory to trigger arbitrary code execution. The vulnerability is mapped with a Networ...
MySpace Uploader ActiveX Control < 1.0.0.6 Action Property Buffer Overflow
The remote host contains a version of the MySpace Uploader ActiveX control MySpace.Uploader.4.1 that reportedly is affected by a buffer overflow that can be triggered by assigning a string longer than 260 characters to certain properties, such as 'Action', 'ExtractIptc', and 'ExtractExif'. If a...