Lucene search

9474 matches found

seebug.org
added 2009/12/11 12:0 a.m. (12 views)

PHP memory_limit environment variable leads to remote code execution

No description provided by source...

7.1 AI score
Exploits 0
Zero Day Initiative
added 2009/12/09 12:0 a.m. (38 views)

Hewlett-Packard OpenView NNM nnmRptConfig.exe Template Variable strcat Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRptConfig.exe CGI executable accessible via the I...

10 CVSS, 5 AI score, 0.83371 EPSS
Exploits 5, References 1
Exploit DB
added 2009/12/03 12:0 a.m. (44 views)

Huawei MT882 Modem/Router - Multiple Vulnerabilities

Version: V100R002B020 ARG-T Firmware Release: 3.7.9.98 Greets to my bests friends: DeepLook, R00T, systemfailure, Ciber34, ANDSQLiTor, LaPeke Greets to friend: Scuarplex, Crl, KiKoArg, ZeRO, DNSX, PunkiD DecodeX01atgmaildotcom Target device ip 10.0.0.2:80 default ip:port Server information...

7.4 AI score
Exploits 0
NVD
added 2009/11/29 1:7 p.m. (18 views)

CVE-2009-4018

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, a...

7.5 CVSS, 6.7 AI score, 0.22311 EPSS
Exploits 5, References 16
Prion
added 2009/11/29 1:7 p.m. (17 views)

Code injection

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, a...

7.5 CVSS, 6.9 AI score, 0.22311 EPSS
Exploits 5, References 16, Affected Software 1
myhack58
added 2009/11/29 12:0 a.m. (39 views)

PHP vulnerability full solution - vulnerability warning - the black bar safety net

PHP web page security issues. PHP websites are mainly exposed to the following types of attacks: 1. Command injection (Command Injection) 2. eval injection (Eval Injection) 3. Client scripting attacks (Script Insertion) 4. Cross-site scripting attacks (Cross Site Scripting, XSS) 5. SQL injection attacks (SQL injection...

0.4 AI score
Exploits 0
myhack58
added 2009/11/23 12:0 a.m. (19 views)

Wind news site content management system path disclosure vulnerability - vulnerability warning - the black bar safety net

The latest path disclosure vulnerability in the Wind news site content management system! It directly reveals the absolute path. Method: add Admin/User/getGroupDebate.asp directly to the URL! Microsoft VBScript runtime error-Error '800a01f4' Variable is undefined: 'Conn'...

2.6 AI score
Exploits 0
UbuntuCve
added 2009/11/17 6:30 p.m. (10 views)

CVE-2009-3891

Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable)...

3.5 CVSS, 5.9 AI score, 0.01041 EPSS
Exploits 0, References 1
Debian CVE
added 2009/11/17 6:0 p.m. (17 views)

CVE-2009-3891

Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable)...

3.5 CVSS, 3.3 AI score, 0.01041 EPSS
Exploits 0
myhack58
added 2009/11/17 12:0 a.m. (22 views)

PHP and ASP upload vulnerability exploit - vulnerability warning - the black bar safety net

1. Exploit principle: this applies only to form-based uploads of asp and php scripts. nc (netcat) is used to submit the data packet; run it under the DOS interface: nc -vv www.. com 80 1.txt. -vv: echo; 80: the www port; 1.txt: your data packet to be transmitted. For more usage, please check this...

7.2 AI score
Exploits 0
Cvelist
added 2009/11/06 3:0 p.m. (20 views)

CVE-2009-2685

Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable...

6.9 AI score, 0.85432 EPSS
Exploits 9, References 8
Prion
added 2009/10/27 4:30 p.m. (15 views)

Sql injection

Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the (1) forum parameter to modules/forum/post.php and possibly (2) forumid variable to modules/forum/class/class.permissions.php...

6.5 CVSS, 8.9 AI score, 0.00251 EPSS
Exploits 1, References 2, Affected Software 1
seebug.org
added 2009/10/26 12:0 a.m. (57 views)

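DedeCMS (Dedecms) select_soft_post.php page uninitialized variable vulnerability

The vulnerable file is include\dialog\select_soft_post.php; its variable $cfg_basedir is not properly initialized, which makes it possible to bypass authentication and the system variable initialization file, allowing arbitrary files to be uploaded to a specified directory. Exploitation requires register_globals=on, so that the relevant variables can be assigned values through a custom form. Dedecms 5.5. None yet; please watch for the official patch. html head titleDedecms v55 RCE Exploit Codz By flyh4t/title /head body style="FONT-SIZE: 9pt" ---------- Dedecms v55 RCE Exploi...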

7.1 AI score
Exploits 0
myhack58
added 2009/10/25 12:0 a.m. (283 views)

Dedecms select_soft_post.php page uninitialized variable vulnerability - vulnerability warning - the black bar safety net

Text / Flyh4t. Affected versions: Dedecms 5.5. The vulnerable file is include\dialog\select_soft_post.php; its variable $cfg_basedir is not initialized properly, which makes it possible to bypass authentication and the system variable initialization file, so that you can upload any file to the specified...

1.5 AI score
Exploits 0
Cvelist
added 2009/09/28 10:0 p.m. (9 views)

CVE-2009-3435

Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name...

5.7 AI score, 0.00319 EPSS
Exploits 0, References 5
Drupal
added 2009/09/23 12:0 a.m. (9 views)

SA-CONTRIB-2009-062 - Devel - Cross Site Scripting

The Devel module contains many useful developer functions, such as a query log and the display of variables. When using the variable editor, the module does not properly sanitize the output of the variable name before display, leading to a cross-site scripting (XSS) vulnerability. Such an attack ma...

6.1 AI score
Exploits 0, References 7
seebug.org
added 2009/09/18 12:0 a.m. (23 views)

CF Shopkart 5.3x (itemid) Remote SQL Injection Vulnerability

No description provided by source. CF ShopKart SQL vulnerability By learn3r hacker from Nepal. Product name: CF ShopKart. Version: 5.4 beta or may be lower. Product home: www.cfshopkart.com. Affected variable: item. SQLi examples:...

7.1 AI score
Exploits 0
0day.today
added 2009/09/17 12:0 a.m. (34 views)

CF Shopkart 5.3x (itemid) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications. CF Shopkart 5.3x (itemid) Remote SQL Injection Vulnerability. CF ShopKart SQL vulnerability By learn3r hacker from Nepal...

7.1 AI score
Exploits 0
Prion
added 2009/09/11 4:30 p.m. (27 views)

Sql injection

directory.php in AJchat 0.10 allows remote attackers to bypass input validation and conduct SQL injection attacks via a numeric parameter with a value matching the s parameter's hash value, which prevents the associated $_GET["s"] variable from being unset. NOTE: it could be argued that this...

7.5 CVSS, 7.5 AI score, 0.04782 EPSS
Exploits 1, References 3, Affected Software 1
Cvelist
added 2009/09/09 5:0 p.m. (13 views)

CVE-2008-7188

ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address i...

6.9 AI score, 0.03628 EPSS
Exploits 1, References 4