9474 matches found
Sablog-X v2.x arbitrary variable overwrite vulnerability - vulnerability warning - the black bar safety net
Author: 80vul-B Team: http://www.80vul.com Description: Due to a logic flaw in the initialization of $EVO in common.inc.php of Sablog-x v2.x, extract can be used to overwrite arbitrary variables, eventually leading to xss, sql injection, code...
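Sablog-X v2.x Arbitrary Variable Overwrite Vulnerability
Due to a logic flaw in the initialization handling of $EVO in common.inc.php of Sablog-x v2.x, extract can be used to overwrite arbitrary variables, ultimately leading to many serious security vulnerabilities such as xss, sql injection and code execution. In the common.inc.php code: .... $onoff = function_exists('ini_get') ? ini_get('register_globals') : get_cfg_var('register_globals'); if ($onoff != 1) { @extract($_COOKIE, EXTR_SKIP); @extract($_POST, EXTR_SKIP); @extract($_GET,...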
Joomla Component com_gameserver SQL Injection Vulnerability
No description provided by source. Exploit Title: Joomla com_gameserver SQL Injection Vulnerability Date: 2010-01-22 Author: B-Hunt3|2 Software Link: http://joomlacode.org/gf/project/gameserver/frs/ Version: 1.2 CVE : N/A ...BEGIN ADVISORY...
Design/Logic Flaw
The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable...
Simply Classified 0.2 Cross Site Request Forgery / Cross Site Scripting
Simply Classified 0.2 XSS & CSRF Vulnerabilities Download: http://www.hotscripts.com/listing/simplyclassifieds/ Found by: mrme Tested On: Windows Vista Note: For educational purposes only Author contact date: 16th December 2009 Advisory:...
phpwind 7.5 api/class_base.php Include Vulnerabilities
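The PHPWind forum system is a brand-new, complete and powerful system that runs on php+mysql and can generate html pages. It is well loved by users at home and abroad for its exceptional access speed and outstanding load capacity. The $mode variable in the callback function of api/class_base.php is not filtered, which allows arbitrary local files to be included and therefore arbitrary PHP commands to be executed. In api/class_base.php: function callback($mode, $method, $params) { if (!isset($this->classdb[$mode])) { if (!file_exists(R_P.'api/class_' . $mode . '.php'))...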
Simply Classified 0.2 - Cross-Site Scripting / Cross-Site Request Forgery
Simply Classified 0.2 XSS & CSRF Vulnerabilities Found by: mrme Tested On: Windows Vista Note: For educational purposes only Author contact date: 16th December 2009 Advisory: http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-002-simply-classifieds-v0.2-xss-and-csrf/ Greetz...
DSA-1966-1 horde3 - cross-site scripting
Bulletin has no description...
D-Link DKVM-IP8 - Cross-Site Scripting
Exploit Title: D-LINK DKVM-IP8 XSS Vulnerability Date: 01-06-2010 Author: POPCORN Software Link: http://www.dlink.ru/ Version: 2282dlinkA4p820071213 Tested on: Windows Sp 2 Site : http://Hacking.ge Code : POST http://site.com:80/auth.asp HTTP/1.0 Accept: */* Content-Type:...
K-Rate SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================== K-Rate SQL Injection Vulnerability ================================== Script site: http://turn-k.net/k-rate In the wild... Vulnerability: SQL Injection in view.php, variable username. Anyway, all sites I sa...
CVE-2009-4418
The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: sequences...
Clark Connect Cross Site Scripting
Hello, I have found an XSS vulnerability in ClarkConnect web interface. ClarkConnect is an internet server and gateway that provides protocol filtering, bandwidth management, Windows File Sharing / Samba, LDAP Directory Integration and other features... The vulnerability was found in the latest...
CVE-2009-3701
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1)...
CVE-2009-3701
CVE-2009-3701 affects Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5. It enables remote XSS via PATH_INFO to admin/phpshell.php, admin/cmdshell.php, or admin/sqlshell.php, related to PHP_SELF. Impact is arbitrary script/HTM...
phpMyAdmin 2.7.0 Global Variable Overwrite Leading to File Inclusion Vulnerability
No description provided by source...
Automne.ws CMS 4.0.0rc2 Multiple RFI Vulnerability
No description provided by source. Automne.ws CMS 4.0.0rc2 Multiple RFI Vulnerability Created By 1nd0n3s14n l4m3r c -- 14/12/2oo9 No Sanitize Variable $_SERVER["DOCUMENT_ROOT"] automne/imagezoom.php?DOCUMENTROOT=Shell automne/isalive.php?DOCUMENTROOT=Shell automne/admin/backtrace.php?DOCUMENTROOT=She...
Automne.ws CMS 4.0.0rc2 - Multiple Remote File Inclusions
Automne.ws CMS 4.0.0rc2 Multiple RFI Vulnerability Created By 1nd0n3s14n l4m3r c -- 14/12/2oo9 No Sanitize Variable $_SERVER["DOCUMENT_ROOT"] automne/imagezoom.php?DOCUMENTROOT=Shell automne/isalive.php?DOCUMENTROOT=Shell automne/admin/backtrace.php?DOCUMENTROOT=Shell...
Mandriva Security Advisory MDVSA-2009:059-1 (xchat)
The remote host is missing an update to xchat announced via advisory MDVSA-2009:059-1. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
Mandriva Security Advisory MDVSA-2009:038-1 (blender)
The remote host is missing an update to blender announced via advisory MDVSA-2009:038-1. OpenVAS Vulnerability Test $Id: mdksa20090381.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:038-1 (blender) Authors: Thomas Reinke Copyright: Copyright (c) 2009...