Solaris 2.6/7/8 (TTYPROMPT in.telnet) Remote Authentication Bypass

No description provided by source. Solaris TTYPROMPT Security Vulnerability Telnet This vulnerability is very simple to exploit, since it does not require any code to be compiled by an attacker. The vulnerability only requires the attacker to simply define the environment variable TTYPROMPT to a...

Streamline PHP Media Server 1.0-beta4 - Remote File Inclusion

Vulnerability Type: Remote File Inclusion Vulnerable file: /streamline-1.0-beta4/src/core/theme/includes/accountfooter.php Exploit URL: http://localhost/streamline-1.0-beta4/src/core/theme/includes/accountfooter.php?slthemeunixpath=http://localhost/shell.txt? Method: get Registerglobals: On...

Streamline PHP Media Server 1.0-beta4 RFI Vulnerability

Exploit for unknown platform in category web applications ======================================================= Streamline PHP Media Server 1.0-beta4 RFI Vulnerability ======================================================= Vulnerability Type: Remote File Inclusion Vulnerable file:...

Streamline PHP Media Server 1.0-beta4 - Remote File Inclusion

Streamline PHP Media Server 1.0-beta4 - Remote File Inclusion Vulnerability Type: Remote File Inclusion Vulnerable file: /streamline-1.0-beta4/src/core/theme/includes/accountfooter.php Exploit URL:...

saforum 注射漏洞

saforum是国内安全研究人员修改过的saforum论坛,但是代码中有一点瑕疵导致可能被获取管理员权限: \include\common.php 行4149引入没有过滤的变量 ------cut----------------- ifgetenv'HTTPCLIENTIP' $onlineip = getenv'HTTPCLIENTIP'; elseifgetenv'HTTPXFORWARDEDFOR' $onlineip = getenv'HTTPXFORWARDEDFOR'; elseifgetenv'REMOTEADDR' $onlineip =...

NuclearBB Alpha 2 (root_path) Remote File Inclusion Vulnerability

No description provided by source. Vuln Product: NuclearBB Alpha 2 Vendor: http://www.nuclearbb.com/ Vulnerability Type: Remote File Inclusion Autor: Infection Team: Rootshell Security Team Vulnerable file: /NuclearBB/tasks/sendqueuedemails.php Exploit URL:...

NuclearBB Alpha 2 - 'ROOT_PATH' Remote File Inclusion

Vuln Product: NuclearBB Alpha 2 Vendor: http://www.nuclearbb.com/ Vulnerability Type: Remote File Inclusion Autor: Infection Team: Rootshell Security Team Vulnerable file: /NuclearBB/tasks/sendqueuedemails.php Exploit URL:...

PHPress 0.2.0 - 'adisplay.php?lang' Local File Inclusion

:::::::::::::::::::::::::::::::::::::::::::::::::::....................... ::| \ | | \ | | / | ::| | | | | | | | ::| . | |/ / \ | . |/ | ' \ / \ | | | '/ \ \ /\ / / ::| |\ | | | / | |\ | | | | | | | | / | || | | /\ V V / ::|| ||\| || |,|| || ||| || | // :::::::::::::::::::::::::::::We...

phpress 0.2.0 (adisplay.php lang) Local File Inclusion Vulnerability

No description provided by source. :::::::::::::::::::::::::::::::::::::::::::::::::::....................... ::| \ | | \ | | / | ::| | | | | | | | ::| . | |/ / \ | . |/ | ' \ / \ | | | '/ \ \ /\ / / ::| |\ | | | / | |\ | | | | | | | | / | || | | /\ V V / ::|| ||\| || |,|| || ||| || | //...

sharelor-xss.txt

Sharelor file sender Cross site scripting ========================================= POST variable : http://www.fileflasher.com:80/contact.php?action=send with line below from="alert1248191921%3B malibu.r...

Moderate: cyrus-sasl security and bug fix update

2.1.19-14 - Related: bz250732 Fixed a conflict with an earlier test patch 2.1.19-13 - Related: bz250732 Fixed uninitialized stack variable causing segfault 2.1.19-12 - Resolves: bz250732 sasl-sample-server crashes with null realm 2.1.19-11 - Resolves: bz243910 krb5-libs are not thread-safe -...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Cisco CallManager and Unified Communications Manager CUCM before 3.35sr2b, 4.1 before 4.13sr5, 4.2 before 4.23sr2, and 4.3 before 4.31sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the 1 user or 2 adm...

Sql injection

Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager CUCM before 3.35sr2b, 4.1 before 4.13sr5, 4.2 before 4.23sr2, and 4.3 before 4.31sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the 1 user or 2 admin logon page, a...

CVE-2007-4584

Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the pmode variable...

Stack overflow

Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the pmode variable...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Olate Download od 3.4.2 allow remote attackers to inject arbitrary web script or HTML via 1 the PHPSELF variable in modules/core/uim.php and 2 url tags in a comment in modules/core/fldm.php...

CVE-2007-4541

Multiple cross-site scripting XSS vulnerabilities in Olate Download od 3.4.2 allow remote attackers to inject arbitrary web script or HTML via 1 the PHPSELF variable in modules/core/uim.php and 2 url tags in a comment in modules/core/fldm.php...

CVE-2007-4541

Multiple cross-site scripting XSS vulnerabilities in Olate Download od 3.4.2 allow remote attackers to inject arbitrary web script or HTML via 1 the PHPSELF variable in modules/core/uim.php and 2 url tags in a comment in modules/core/fldm.php...

[SECURITY] Fedora 7 Update: libvorbis-1.1.2-3.fc7

Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The libvorbis package contains runtime libraries for use in programs that support Ogg Voribs...

phpress020-rfi.txt

:::::::::::::::::::::::::::::::::::::::::::::::::::..................... .. ::| \ | | \ | | / | ::| | | | | | | | ::| . | |/ / \ | . |/ | ' \ / \ | | | '/ \ \ /\ / / ::| |\ | | | / | |\ | | | | | | | | / | || | | /\ V V / ::|| ||\| || |,|| || ||| || | // :::::::::::::::::::::::::::::We...