1368 matches found
php security update
CentOS Errata and Security Advisory CESA-2012:0811 Updated php-pecl-apc packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Comm...
CVE-2012-2905
Artiphp CMS 5.5.0 Neo r422 stores database backups with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request...
CVE-2012-2905
CVE-2012-2905 affects Artiphp CMS 5.5.0 Neo (r422), where database backups are stored with predictable names under the web root due to insufficient access control. This information exposure enables remote attackers to obtain sensitive data via direct requests. The primary impact is confidential d...
Artiphp CMS 5.5.0 database backup disclosure Exploit-vulnerability warning-the black bar safety net
? php / Artiphp CMS 5.5.0 Database Backup Disclosure Exploit Author: Artiphp www.2cto.com http://www.artiphp.com Affected version: 5.5.0 Neo r422 Summary: Artiphp is a content management system CMS open and free to create and manage your website. Description: Artiphp stores database backups using...
Solarwinds Storage Manager 5.1.0 SQL Injection
This module exploits a SQL injection found in Solarwinds Storage Manager login interface. It will send a malicious SQL query to create a JSP file under the web root directory, and then let it download and execute our malicious executable under the context of SYSTEM. This module requires Metasploi...
coppermine -- Multiple vulnerabilities
The Coppermine Team reports: The release covers several path disclosure vulnerabilities. If unpatched, it's possible to generate an error that will reveal the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information...
OSClass directory traversal (leads to arbitrary file upload)
Advisory ID: CSA-12004 Title: OSClass directory traversal vulnerability Product: OSClass Version: 2.3.5 and probably prior Vendor: osclass.org Vulnerability type: Directory traversal Risk level: 2 / 3 Credit: www.codseq.it Vendor notification: 2012-01-25 Public disclosure: 2012-03-07 Original...
CVE-2011-5058
The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ backslash characters in an HTTP GET request...
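WordPress WP Symposium Plugin Arbitrary File Upload Vulnerability
WordPress is a content management system written in PHP. The WP Symposium plugin for WordPress contains a security vulnerability that allows malicious users to upload arbitrary files to the system. The scripts wp-content/plugins/wp-symposium/uploadify/uploadadminavatar.php and wp-content/plugins/wp-symposium/uploadify/uploadprofileavatar.php allow files with arbitrary extensions to be uploaded to folders in the web root; an attacker can upload a malicious PHP script that executes with the web server's privileges. 0 WordPress WP Symposium Plugin Vendor solution...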
Trend Micro Data Loss Prevention Virtual Appliance 5.5 - Directory Traversal
Software: Trend Micro Data Loss Prevention Virtual Appliance 5.5 Vulnerability: Directory Traversal Threat Level: Serious 5/5 Download: http://support.trendmicro.com.cn/TM-Product/Product/DLP/5.5/Manager/5.5GM/DLPVA-5.5.1294-i386-DVD.iso Discovery Date: 27/05/2011 Remote: Yes Author Site Email:...
Tele Data Contact Management Server - Directory Traversal
Software: Tele Data Contact Management Server Vulnerability: Directory Traversal Threat Level: Serious 3/5 Download: http://teledata.qc.ca/tdcms/ Discovery Date: 6/1/201...
Tele Data Contact Management Server Directory Traversal
Software: Tele Data Contact Management Server Vulnerability: Directory Traversal Threat Level: Serious 3/5 Download: http://teledata.qc.ca/tdcms/ Discovery Date: 6/1/201...
Rootage 1.0.0.4 Alpha Directory Traversal
Software: Rootage 1.0.0.4 Alpha Vulnerability: Directory Traversal Threat Level: Serious 3/5 Download: http://get-for-net.ru/ Discovery Date: 5/18/2011 Tested...
Serva32 1.2.00 RC1 Directory Traversal
Software: Serva32 1.2.00 RC1 Vulnerability: Directory Traversal Threat Level: Serious 3/5 Download: http://www.vercot.com/serva/ Discovery Date: 5/7/2011 Tested...
BMC Dashboards 7.6.01 XSS / File Reading
PR10-18: Multiple XSS Cross Site Scripting and arbitrary file reading flaws within BMC Dashboards by BMC Vulnerability found: 1st Oct 2010 Vendor informed: Vulnerability fixed: Severity: High Description: BMC Dashboards provides service desk analysts with a dashboard view of aggregated performanc...
Path disclosure in MEGA PORTAL
Product: MEGA PORTAL Vendor: http://www.got.my Demo: http://www.got.my/MEGA-PORTAL/ Vulnerability Type: Path disclosure Risk level: medium Credit: Hector.x90 Vulnerability Details: A remote user can determine the full path to the web root directory and other potentially sensitive information. The...
HTB22948: Path disclosure in Cotonti
Vulnerability ID: HTB22948 Reference: http://www.htbridge.ch/advisory/pathdisclosureincotonti.html Product: Cotonti Vendor: Cotonti Team http://www.cotonti.com/ Vulnerable Version: Siena 0.9.0 Vendor Notification: 12 April 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: High-Tech...
HTB22954: Path disclosure in yappa-ng Photo Gallery
Vulnerability ID: HTB22954 Reference: http://www.htbridge.ch/advisory/pathdisclousureinyappangphotogallery.html Product: yappa-ng Photo Gallery Vendor: http://www.zirkon.at/ http://www.zirkon.at/ Vulnerable Version: 2.3.2 Vendor Notification: 12 April 2011 Vulnerability Type: Path disclosure Ris...
ZENphoto 1.4.0.3 Cross Site Scripting / Path Disclosure
Vulnerability ID: HTB22945 Reference: http://www.htbridge.ch/advisory/multiplexssinzenphoto.html Product: ZENphoto Vendor: ZENphoto http://www.zenphoto.org/ Vulnerable Version: 1.4.0.3 Vendor Notification: 07 April 2011 Vulnerability Type: XSS Cross Site Scripting Ri...