Showing 1 - 8 of 8

Files Date: 2011-05-22

Mandriva Linux Security Advisory 2011-096: Posted May 22, 2011; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2011-096 - The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / character at the beginning of the URI. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the file:// URL type. This could allow a remote server to force a local Python application to read a local file instead of the remote one, possibly exposing local files that were not meant to be exposed.; tags | advisory, remote, web, local, python; systems | linux, mandriva; advisories | CVE-2011-1015, CVE-2011-1521; SHA-256 | cfd8400b472c9d81ba72ff0351d1a79213014f8039daa39730e7a98053e3d81e; Download | Favorite | View

xtcModified 1.05 FCKeditor Shell Upload: Posted May 22, 2011; Authored by KedAns-Dz; xtcModified version 1.05 (FCKeditor) arbitrary shell upload exploit.; tags | exploit, arbitrary, shell; SHA-256 | 7392a082a0edb8f2b4b42760293cb1430bf9c388f76faa5272f6541241f87c05; Download | Favorite | View

Pytbull 1.3: Posted May 22, 2011; Authored by Sebastien Damaye | Site pytbull.sourceforge.net; pytbull is an intrusion detection/prevention system (IDS/IPS) testing framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations. The framework is shipped with about 300 tests grouped into 8 testing modules.; Changes: Bug fix for an error while using reverse shell. Minor changes.; tags | tool, sniffer; SHA-256 | 808d5c8b46bb60eb106cd9b9d64a63bab99beb4e19fd7e71d0675be43b6de705; Download | Favorite | View

Tugux CMS 1.2 XSS / LFI / SQL Injection / URL Redirection: Posted May 22, 2011; Authored by LiquidWorm | Site zeroscience.mk; Tugux CMS version 1.2 suffers from cross site scripting, local file inclusion, url redirection, and remote SQL injection vulnerabilities.; tags | exploit, remote, local, vulnerability, xss, sql injection, file inclusion; SHA-256 | b5b2ff3bd99d5a8b947cc3f1d1e8127651974a13726a26182e02c17102388137; Download | Favorite | View

chillyCMS 1.2.x XSRF / File Disclosure: Posted May 22, 2011; Authored by KedAns-Dz; chillyCMS version 1.2.x suffers cross site request forgery and remote file disclosure vulnerabilities.; tags | exploit, remote, vulnerability, file inclusion, info disclosure, csrf; SHA-256 | 2545b5c82fa3df40c9d39eab5aa04640564087f43ce46f64517b580d5cb6b972; Download | Favorite | View

E-Manage MySchool 7.02 SQL Injection: Posted May 22, 2011; Authored by az7rb; E-Manage MySchool version 7.02 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | b5bb6c54604cff4f0a246ebe39b746423cd07008e7d19206c6460c3a6877089d; Download | Favorite | View

NucleusCMS 3.64 Cross Site Request Forgery: Posted May 22, 2011; Authored by KedAns-Dz; NucleusCMS version 3.64 suffers from multiple cross site request forgery vulnerabilities.; tags | exploit, vulnerability, csrf; SHA-256 | 61346924420842ad8b2946c9ab35618c5c8de86fb39694bfe29dc895fc03c7c0; Download | Favorite | View

Mathew Callingham Associates 3.x.x SQL Injection / Authentication Bypass: Posted May 22, 2011; Authored by Net.Edit0r; Mathew Callingham Associates version 3.x.x suffers from administrative bypass and SQL injection vulnerabilities.; tags | exploit, vulnerability, sql injection, bypass; SHA-256 | 3f99b5a8b3d22db59e6b1cf8632f35237f3fc0f2936164d80e3e287d8f1c4d42; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days