Lucene search
+L

247 matches found

exploitpack
exploitpack
added 2001/08/31 12:0 a.m.20 views

SIX-webboard 2.01 - File Retrieval

SIX-webboard 2.01 - File Retrieval source: https://www.securityfocus.com/bid/3175/info SIX-webboard 2.01 does not filter ".." and "/" from user input, allowing users to enter arbitrary values in order to view or retrieve files not normally accessible to them from the remote host...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2000/11/24 12:0 a.m.59 views

Security problems with Phorum php message board

Author: Brian Moon Homepage: www.phorum.org Version: 3.2.6 Problem: Any user can parse a choosed php script file using the Phorum sustem. It is also possibel, under certain circunstances, to execute arbitrary commands on the server as the httpd user. Status: Fixed in version 3.2.7 released...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2000/11/24 12:0 a.m.21 views

Phorum 3.x - Arbitrary File Read

Phorum 3.x - Arbitrary File Read source: https://www.securityfocus.com/bid/1997/info Phorum is a PHP based web forums package. Due to an error in the handling of user input in administrative scripts, any user can view the any file readable by the webserver on the target host. This is due to...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2000/05/25 12:0 a.m.46 views

Очередная дырка в qpopper 2.53

Ввод пользователя используется в качестве форматной строки, что позволяет переполнить буфер и получить привилегии группы mail...

0.4AI score
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2000/05/16 12:0 a.m.42 views

Matt Kruse Calendar Script 2.2 - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/1215/info Matt Kruse's Calendar script is a popular, free perl cgi-script used by many websites on the Internet. It allows a website administrator to easily setup and customize a calendar on their website. There are two components of this package,...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2000/03/05 12:0 a.m.20 views

SGI InfoSearch 1.0 SGI IRIX 6.5.x - fname

SGI InfoSearch 1.0 SGI IRIX 6.5.x - fname source: https://www.securityfocus.com/bid/1031/info The InfoSearch package converts man pages and other documentation into HTML web content. The search form uses infosrch.cgi which does not properly parse user input in the 'fname' variable, allowing...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2000/02/29 12:0 a.m.77 views

The ht://Dig Group ht://Dig 3.1.1/3.1.2/3.1.3/3.1.4/3.2 .0b1 - Arbitrary File Inclusion

source: https://www.securityfocus.com/bid/1026/info ht://dig is a web content search engine for Unix platforms. The software is set up to allow for file inclusion from configuration files. Any string surrounded by the opening singlw quote character is taken as a path to a file for inclusion, for...

7AI score
Exploits0
Rows per page
Query Builder