1051 matches found
Simple HTTPD <= 1.38 Multiple Remote Vulnerabilities
No description provided by source. Luigi Auriemma Application: Simple HTTPD http://shttpd.sourceforge.net Versions: = 1.38 Platforms: Windows, nix, QNX, RTEMS only Windows seems vulnerable Bugs: A directory traversal B scripts and CGI viewing/downloading %20 char found by Shay priel in Jun 2007...
simple-traverse.txt
Luigi Auriemma Application: Simple HTTPD http://shttpd.sourceforge.net Versions: = 1.38 Platforms: Windows, nix, QNX, RTEMS only Windows seems vulnerable Bugs: A directory traversal B scripts and CGI viewing/downloading %20 char found by Shay priel in Jun 2007 Exploitation: remote Date: 07 Dec 20...
Simple HTTPD <= 1.38 Multiple Remote Vulnerabilities
Exploit for unknown platform in category remote exploits ==================================================== Simple HTTPD = 1.38 Multiple Remote Vulnerabilities ==================================================== Luigi Auriemma Application: Simple HTTPD http://shttpd.sourceforge.net Versions: =...
R-Viewer < 1.6.3768 Multiple Vulnerabilities
R-Viewer, a secure document viewer from remotedocs.com, is installed on the remote host. According to the registry, the installation of R-Viewer on the remote Windows host allows arbitrary code to be executed without a user's knowledge and stores unencrypted copies of previously-opened documents ...
CVE-2007-4888
The CVE-2007-4888 entry concerns XWiki 1.0 B1 and 1.0 B2. The issue is an error handler flaw where the doc variable is associated with the entire document content and metadata regardless of a user’s view rights. This allows remote authenticated users to read arbitrary documents by using a custom ...
PHMe 0.0.2 - 'Function_List.php' Local File Inclusion
source: https://www.securityfocus.com/bid/25011/info PHMe is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. PHMe 0.0.2 is vulnerable; other version...
WebIf - 'OutConfig' Local File Inclusion
source: https://www.securityfocus.com/bid/24516/info WebIf is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts...
CVE-2006-7037
Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to 1 bypass password protection by replacing the password field with a hash of a known...
CVE-2006-7037
Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to 1 bypass password protection by replacing the password field with a hash of a known...
XT:Commerce 3.04 - 'index.php' Local File Inclusion
source: https://www.securityfocus.com/bid/22698/info xt:Commerce is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. xt:Commerce 3.04 and prior...
PHPMyChat 0.140.15 - Languages.Lib.php Local File Inclusion
PHPMyChat 0.140.15 - Languages.Lib.php Local File Inclusion source: https://www.securityfocus.com/bid/20962/info phpMyChat is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files a...
OZJournal15.txt
OZJournal v1.5 Homepage: http://ozjournals.awardspace.com/index.php Affected files: search input box index.php viewing archives show comment page ---------------------------------------- XSS vulnerability via search input box: Data isn't properly sanatized before being displayed. For a PoC in the...
OZJournal v1.5 - XSS
OZJournal v1.5 Homepage: http://ozjournals.awardspace.com/index.php Affected files: search input box index.php viewing archives show comment page ---------------------------------------- XSS vulnerability via search input box: Data isn't properly sanatized before being displayed. For a PoC in the...
bingbox.txt
Bingbox.com Homepage: http://www.bingbox.com Affected files: Profile input boxes: - City input Registering Viewing Birthdays Adding a friend Viewing people online ----------------------------------------------- XSS with cookie disclosure via inviting friends:...
JVN#67974490 Webmin directory traversal vulnerability
Impact A remote attacker could view files on the computer without authentication. Private information could be leaked as a result. Solution Products Affected Webmin 1.280 and earlier Usermin 1.210 and earlier As of June 30, 2006, patched versions of the module addressing this vulnerability for al...
apnaspace.txt
Apnaspace.com A myspace type site for arab & indian teens Homepage: http://www.http://www.apnaspace.com Effected files: Comment input box: Posting a blog entry: - Entry title - Entry body Viewing a profile Posting a bulletin. Commenting on a picture Sending mail to someone...
Cybersocieties.txt
Cybersocieties.com Homepage: http://www.cybersocieties.com Effected files: Input boxes in profile: - Full name box - Occupation box - MSN box - Yahoo box - AIM Box Viewing a profile ------------------------------------------------------ XSS vuln via input boxes in profile: No filter evasion is...
Limbo CMS sql.php classes_dir Parameter Remote File Inclusion
The remote host is running Limbo CMS, a content-management system written in PHP. The version of Limbo CMS installed on the remote host fails to sanitize user-supplied input to the 'classesdir' parameter of the 'classes/adodbt/sql.php' script before using it in PHP 'includeonce' functions. Provid...
zgv, xzgv: Heap overflow
Background xzgv and zgv are picture viewing utilities with a thumbnail based file selector. Description Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space...
Mambo Open Source Multiple Vulnerabilities
The remote installation of Mambo Open Source fails to sanitize input to the 'mosusertemplate' cookie before using it to include PHP code from a local file. An unauthenticated attacker may be able to exploit this issue to view arbitrary files or to execute arbitrary PHP code on the affected host. ...