what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files from STG Security

First Active2003-06-21
Last Active2005-08-14
STG Security Advisory 2005-08-12.27
Posted Aug 14, 2005
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: Discuz! does not properly check extensions of uploaded files, so malicious attackers can upload a file with multiple extensions such as attach.php.php.php.php.rar to a web server. This can be exploited to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user. Versions 4.0.0 rc4 and prior are affected.

tags | advisory, web, arbitrary, php
SHA-256 | 775ef1242c51c2277126826ccfd8fa8b30037749b6f168553c83ae3eac202a70
STG Security Advisory 2005-01-20.22
Posted Jan 25, 2005
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: JSBoard versions 2.0.9 and below suffer from an input validation flaw that allows for arbitrary file reading.

tags | exploit, arbitrary
SHA-256 | 04fa973bf4b6839924d1a72282fd12936c652ed1299fc3906090b148f9953989
STG Security Advisory 2005-01-20.24
Posted Jan 25, 2005
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: GForge versions 3.3 and below are susceptible to directory traversal attacks.

tags | exploit
SHA-256 | 8dc2e1f4564aa448435f8b3771a3642f05fd3c4d9e6cbbf1dbd81ef08a7da42a
STG Security Advisory 2005-01-13.25
Posted Jan 16, 2005
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: An input validation flaw in ZeroBoard can allow malicious attackers the ability to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.

tags | exploit, arbitrary
SHA-256 | 0c9e35a9c275bc19120772f641e5b82ca15d9b4c4e3661ccf564440202b8c080
STG Security Advisory 2004-12-24.21
Posted Jan 4, 2005
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: An input validation flaw in GNUBoard versions 3.40 and below can allow malicious attackers to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.

tags | advisory, arbitrary
SHA-256 | 0674fe2e63dd885cf61091b49ab28998e954b3c5f795450425d58823dc711640
STG Security Advisory 2004-12-20.16
Posted Dec 31, 2004
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: An input validation flaw in ZeroBoard versions 4.1pl4 and below can allow malicious attackers the ability to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.

tags | exploit, arbitrary
SHA-256 | c308b0793660dff9bacda679d6ea1adf0cf46f3c7d0c38cbc80870f869879079
STG Security Advisory 2004-12-15.19
Posted Dec 30, 2004
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: MediaWiki versions 1.3.8 and below have an input validation flaw that can allow malicious attackers the ability to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.

tags | advisory, arbitrary
SHA-256 | a211d8bcd02954e4890258259f6ac16e529279b265af5e6ae836ed39dc6da79e
STG Security Advisory 2004-12-15.18
Posted Dec 30, 2004
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: phpBB Attachment Mod is file upload module for phpBB. However, an input validation flaw can cause malicious attackers to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user. Attachment module 2.3.10 and below is susceptible.

tags | advisory, arbitrary, file upload
SHA-256 | e74215b4efbc9c7dd61e59b553b9a89e735d2c4a129ac87223c14aba220f827e
STG Security Advisory 2004-12-15.17
Posted Dec 30, 2004
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: JSBoard is one of widely used web BBS applications in Korea. However, an input validation flaw can allow malicious attackers the ability to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.

tags | advisory, web, arbitrary
SHA-256 | dfa643288ed2920fdb6fef57d24a79aa31187f308fa3d0b9a59bcc0add51b9fd
STG Security Advisory 2004-12-15.1
Posted Dec 30, 2004
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: MoniWiki is susceptible to a file upload flaw due to a mishandling of multiple file extensions.

tags | advisory, file upload
SHA-256 | 3ca80312447ed29f02629661ff17057cf7a3f50edd36ea11d5c666f427a22246
STG Security Advisory 2004-12-14.14
Posted Dec 30, 2004
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: GNUBoard versions 3.39 and below suffer from a PHP injection vulnerability that allows for arbitrary command execution.

tags | exploit, arbitrary, php
SHA-256 | 0ffcfd1eab87df4c1f629489c1e22156727a7cf5c803d7dab49a4c9692d1dcd7
STG Security Advisory 2004-12-09.13
Posted Dec 30, 2004
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: UseModWiki is susceptible to a cross site scripting flaw.

tags | advisory, xss
SHA-256 | 8ceff9b8b495b2bf36cc3d20014f641bbb038e2d16bc26206d1dc4a874b92c47
STG Security Advisory 2004-11-22.12
Posted Dec 11, 2004
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: Due to an input validation flaw, Zwiki is vulnerable to cross site scripting attacks.

tags | exploit, xss
SHA-256 | 65b7e075dc354dda1b68af47357e8245716561c8adb622f8769142ea94fc9d0f
STG Security Advisory 2004-11-22.11
Posted Dec 11, 2004
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: Due to an input validation flaw, JSPWiki is vulnerable to cross site scripting attacks.

tags | exploit, xss
SHA-256 | ecd38f592043061846aa7d65232f39d632ae3aa0e137fb49d4c2e1f914db517d
STG Security Advisory 2004-11-22.10
Posted Dec 11, 2004
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: KorWeblog suffers from a directory traversal vulnerability that malicious attackers can get file lists of arbitrary directories.

tags | exploit, arbitrary
SHA-256 | 71700686df5b1678bd4503f868982180d543ec54e0c9d59cc2e37c275e95716e
STG Security Advisory 2004-11-22.9
Posted Dec 11, 2004
Authored by STG Security | Site stgsecurity.com

STG Security Advisory: cscope is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the right of the user running them, which could be root.

tags | advisory, arbitrary, local, root
SHA-256 | 22aff0b7a3b9fece18550c0a926a047f9299775940d5a1168595ac6a867ae897
STG Security Advisory 2004-10-22.8
Posted Oct 27, 2004
Authored by STG Security

Due to an input validation flaw, MoniWiki versions 1.0.8 and below are vulnerable to cross site scripting attacks.

tags | advisory, xss
SHA-256 | 6a63aea48ca31130e3ab7c679b4efa0a57dbfdc115b7028ceb6ef5aa8fa786fc
bbsEMarket.txt
Posted Sep 15, 2004
Authored by STG Security

BBS E-Market Professional suffers from path disclosure, file download, file disclosure, user authentication bypass, and php source injection vulnerabilities. BBS E-Market patch level bf_130, version 1.3.0, and below is affected.

tags | exploit, php, vulnerability
SHA-256 | fe6396baf023202a3aaa5e1cc4406171bca9fd0ede9d8fba31585a999b2ad73a
WebTide-Eng.txt
Posted Oct 30, 2003
Authored by STG Security | Site stgsecurity.com

InfronTech's J2EE Web Application Server, WebTide v7.04 and below has a directory traversal vulnerability.

tags | advisory, web
SHA-256 | ed3724d201f6106bff77d5b92d7fc95bbdfb5df88fa576432260612cd3f19c2c
Fasoo-Eng.txt
Posted Sep 4, 2003
Authored by STG Security | Site stgsecurity.com

STG Security Advisory SSA-20030902-04: A control vulnerability exists in Wrapsody Viewer version 3.0 that allows a malicious user to bypass the copy and paste restriction.

tags | advisory
SHA-256 | 708e5c36a624c352569629ea7c63257c01c3681b06721bf4d3d4fa7c4980d409
Verity-K2Toolkit-Eng.txt
Posted Jul 9, 2003
Authored by STG Security | Site stgsecurity.com

STG Security Advisory SSA-20030701-02: Verity's K2 Toolkit has a cross site scripting vulnerability in its Query Builder.

tags | exploit, xss
SHA-256 | f983dd385873de4c2d4c4a5383709b519f4ea35bf8c668d5515205021db89086
CSSoft-EZTRansI-Eng.txt
Posted Jul 9, 2003
Authored by STG Security | Site stgsecurity.com

STG Security Advisory SSA-20030701-03: ezTrans Server, the popular portal software used throughout Korea, lacks input validation in the file download module. Due to this, a remote attacker can download any file on the system that the webserver uid can access.

tags | exploit, remote
SHA-256 | d492993f68980b4e668ff2b3131e085ae25dd8e90d2b29a666435ba1b92fbcf3
STG-Verity-K2.txt
Posted Jul 4, 2003
Authored by STG Security

STG Security Advisory SSA-20030701-02 - The Verity K2 Toolkit Query Builder suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 47b9a884062a2fa4a62f0c83e481dc34e665de880a67fb70500473063be7008d
STG-Jeus-Eng.txt
Posted Jun 21, 2003
Authored by STG Security | Site stgsecurity.com

STG Security Advisory - Java Enterprise User Solution, or JEUS, has a cross site scripting vulnerability issue when invoking non-existent URLs.

tags | exploit, java, xss
SHA-256 | fb61d2e5a250f0d0de9f36ee16d044503666f5e77723563ef05e9844f37d058c
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close