FrontAccounting 'attachments.php'任意文件上传漏洞

Bugtraq ID:66217 FrontAccounting FA是一个针对企业ERP供应链的网页会计系统。 FrontAccounting /admin/attachments.php脚本存在安全漏洞，允许攻击者上传使用恶意扩展名的文件，并以WEB权限执行。 0 FrontAccounting 2.x FrontAccounting 2.3.20已经修复该漏洞，建议用户下载更新： http://frontaccounting.com...

JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to...

JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to...

JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to...

JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to...

JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to...

JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to...

Quick/Dirty Blog Categories.PHP本地文件包含漏洞

Quick And Dirty Blog是一款基于PHP的WEB应用程序。 Quick And Dirty Blog不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB权限查看系统文件内容。 问题是由于'Categories.PHP'脚本对用户提交的'theme'参数缺少过滤，提交包含多个"../"字符作为参数，可绕过WEB ROOT限制，以WEB权限查看系统文件内容。 Quick and Dirty Blog 0.4 目前没有详细解决方案提供： http://sourceforge.net/projects/qdblog/...

TxX CMS doc_root远程文件包含漏洞

TxX CMS是一款基于PHP的WEB应用程序。 TxX CMS不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB权限执行任意PHP代码。 问题是由于脚本对用户提交的'docroot'参数缺少过滤，指定远程服务器上的任意文件作为包含对象，可导致以WEB权限执行任意PHP代码。 txx cms TxX CMS public 0.2a txx cms TxX CMS public 0.2 目前没有详细解决方案提供： https://sourceforge.net/projects/txx/...

WikiWebWeaver Index.PHP任意文件上传漏洞

WikiWebWeaver是一款基于PHP的WIKI程序。 WikiWebWeaver不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞提交任意文件，造成以WEB权限执行。 问题是'index.php'脚本对用户提交的WEB参数缺少过滤，可导致提交任意PHP文件，攻击者借此可以WEB权限执行。 WikiWebWeaver WikiWebWeaver 1 beta 2 http://wikiwebweaver-devel.teuwen.org:8080/wiki/index.php?l=FR&display=QuoiDeNeufFR...