9474 matches found
CVE-2010-1153
PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable...
Remote file inclusion
PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable...
CUPS < 1.4.3 Multiple Vulnerabilities
According to its banner, the version of CUPS installed on the remote host is earlier than 1.4.3. Such versions are affected by several vulnerabilities: - A pointer use-after-free vulnerability exists in the abstract file descriptor handling code in the 'cupsdDoSelect' function in...
discuz! 7.0 and below the version background get webshell-vulnerability warning-the black bar safety net
Don't need the founder, you'll need administrator. http://www.fuck.com/admincp.php?action=styles&operation=edit&id=1&adv=1 In the following there is a“custom template variables”, the variable in the fill: PHP code 1. OLDJUN', '9 9 9';eval$POSTcmd;// Replace the contents of whatever the input: 1 1...
sudo -- Privilege escalation with sudoedit
Todd Miller reports: Sudo's command matching routine expects actual commands to include one or more slash '/' characters. The flaw is that sudo's path resolution code did not add a "./" prefix to commands found in the current working directory. This creates an ambiguity between a "sudoedit" comma...
Sql injection
SQL injection vulnerability in the find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable...
Web editor vulnerability manual comprehensive Edition-vulnerability warning-the black bar safety net
FCKeditor FCKeditor editor page/view Editor Version/view the file upload path FCKeditor editor page FCKeditor/samples/default.html View Editor Version FCKeditor/whatsnew.html View the file upload path fckeditor/editor/filemanager/browser/default/connectors/asp/connector. asp?...
GLibrary v3.0 Multiple Remote vulnerabilities
Exploit for unknown platform in category web applications. GLibrary v3.0 Multiple Remote vulnerabilities. Title: GLibrary v3.0 Multiple Remote vulnerabilities...
MYSQL UDF - Can't open shared library studies-vulnerability and early warning-the black bar safety net
Ninty 's blog mysqlin support of the UDF extension, so that we can call the DLL inside the function to achieve some special features. But for the UDF specific limits, MYSQL versions are different. The following recording: I heard, just heard, didn't do testing on MYSQL 4.1 previously, can be all...
DEBIAN-CVE-2010-0393
The cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with...
Format string
The cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with...
Ubuntu Update for cups, cupsys vulnerabilities USN-906-1
Ubuntu Update for Linux kernel vulnerabilities USN-906-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9061.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for cups, cupsys vulnerabilities USN-906-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
Pre Classifieds Listings SQL Injection
Pre Classified Listings Remote SQL Injection Vulnerability. Author: Crux; Homepage: http://hack-tech.com; Date: 2-27-2010; Software Link:...
phpMySite - Cross-Site Scripting SQL Injection
phpMySite - Cross-Site Scripting SQL Injection. phpMySite XSS/SQLi Multiple Remote Vulnerabilities. Author: Crux; Homepage: http://hack-tech.com; Date: 2-27-2010; Softwar...
Pre Classified Listings Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Pre Classified Listings Remote SQL Injection Vulnerability...
Pre Classified Listings - SQL Injection
Pre Classified Listings - SQL Injection. Pre Classified Listings Remote SQL Injection Vulnerability. Author: Crux; Homepage: http://hack-tech.com; Date: 2-27-2010; Softwa...
Jamit Job Board v.3.0 Cross Scripting Vulnerabilities
Exploit for unknown platform in category web applications. Jamit Job Board v.3.0 Cross Scripting Vulnerabilities. Exploit Title: Jamit...
Pre Classified Listings - SQL Injection
Pre Classified Listings Remote SQL Injection Vulnerability. Author: Crux; Homepage: http://hack-tech.com; Date: 2-27-2010; Software Link:...
DEBIAN-CVE-2010-0685
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the $EXTEN channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters...
AST-2010-002: Dialplan injection vulnerability
Asterisk Project Security Advisory - AST-2010-002. Product: Asterisk. Summary: Dialplan injection vulnerability...