96 matches found
XAMPP 1.6.8 - (CSRF) Change Administrative Password Exploit
No description provided by source. XAMPP change administrative password: -------------------------------------------------------------------------------- Written by Michael Brooks special thanks to str0ke Affects XAMPP 1.6.8. homepage: http://www.apachefriends.org/ XAMPP has 17+ million downloads...
Destoon 20140530最新版超全局变量覆盖导致的安全问题(官方demo演示)
简要描述: 短时间没找到合适的注入 找了个任意文件读取发上来了 详细说明: 代码片段0x1 /common.inc.php行17 None 这里用$GET配合上传unset了$FILES然后在extract$POST的时候重新初始化了$FILES 随便选个文件提交拦下数据包 修改 Content-Disposition: form-data; name="file"; filename="" 中的filename字段为空 如图就返回了我们要读取的文件了 漏洞证明:...
Code injection
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable...
PhpMyAdmin Remote Variable Manipulation (CVE-2011-2505)
A remote variable manipulation vulnerability has been reported in PhpMyAdmin...
DSA-2286-1 phpymadmin - several
Bulletin has no description...
DEBIAN-CVE-2011-2505
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...
CVE-2011-2505
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...
CVE-2011-2505
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...
Authentication flaw
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...
phpMyAdmin 3.x Multiple Remote Code Executions
No description provided by source. File: libraries/auth/swekey/swekey.auth.lib.php Lines: 266-276 Patched in: 3.3.10.2 and 3.4.3.1 Type: Variable Manipulation Assigned CVE id: CVE-2011-2505 PMA Announcement-ID: PMASA-2011-5 266 if strstr$SERVER'QUERYSTRING','sessiontounset' != false 267 268...
phpMyAdmin 3.x Remote Code Execution
phpMyAdmin 3.x Multiple Remote Code Executions This post details a few interesting vulnerabilities I found while relaxing and reading the sourcecode of phpMyAdmin. My original advisory can be found here. If you would like me to audit your PHP project, check out Xxor's PHP code auditing service. T...
Coppermine Photo Gallery 1.4.19 Remote PHP File Upload Vulnerability
Exploit for unknown platform in category web applications ==================================================================== Coppermine Photo Gallery 1.4.19 Remote PHP File Upload Vulnerability ==================================================================== Written By Michael Brooks...
Coppermine Photo Gallery 1.4.19 File Upload
Written By Michael Brooks Special thanks to str0ke! Coppermine Photo gallery - Remote PHP File Upload Affects: v1.4.19 Homepage: http://coppermine-gallery.net/ 5,239,057 downloads from sf.net! For this attack we need registerglobals=on . The problem is that the anti-registerglobals security can b...
Coppermine Photo Gallery 1.4.19 - Remote File Upload
Coppermine Photo Gallery 1.4.19 - Remote File Upload Written By Michael Brooks Special thanks to str0ke! Coppermine Photo gallery - Remote PHP File Upload Affects: v1.4.19 Homepage: http://coppermine-gallery.net/ 5,239,057 downloads from sf.net! For this attack we need registerglobals=on . The...
Coppermine Photo Gallery 1.4.19 - Remote File Upload
Written By Michael Brooks Special thanks to str0ke! Coppermine Photo gallery - Remote PHP File Upload Affects: v1.4.19 Homepage: http://coppermine-gallery.net/ 5,239,057 downloads from sf.net! For this attack we need registerglobals=on . The problem is that the anti-registerglobals security can b...
XAMPP 1.6.8 (XSRF) Change Administrative Password Exploit
No description provided by source. XAMPP change administrative password: -------------------------------------------------------------------------------- Written by Michael Brooks special thanks to str0ke Affects XAMPP 1.6.8. homepage: http://www.apachefriends.org/ XAMPP has 17+ million downloads...
XAMPP 1.6.8 Password Exploit
XAMPP change administrative password: -------------------------------------------------------------------------------- Written by Michael Brooks special thanks to str0ke Affects XAMPP 1.6.8. homepage: http://www.apachefriends.org/ XAMPP has 17+ million downloads from sourceforge.net...
oscom-disclose.txt
Application: osCommerce 2.2rc2a Authors Site: http://www.oscommerce.com/ +--------------------------------------------------------------+ Information Disclosure: Manipulation of the 'DOB' Variable on createaccount.php can cause information disclosure: In this example the POST variable 'DOB' has...
Stack overflow
Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 aka 9.0.4, and Ingres 2006 release 2 aka 9.1.0 on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running 1 verifydb, 2 iimerge, or 3 csrepor...
PHP and ASP are two kinds of script upload vulnerability explore-exploit warning-the black bar safety net
1 pass exploit the principles just for the form format of the upload of asp and php scripts ncnetcat For the submission packet the dos interface to run under: nc-vv www.. com 8 01.txt -vv: echo 8 0: the www port 1.txt: is your data packet to be transmitted use of more methods, please check this...