Files

Simple Web-Server 1.2 Directory Traversal
Posted Jun 6, 2011
Authored by AutoSec Tools | Site autosectools.com

A directory traversal vulnerability in Simple web-server version 1.2 can be exploited to read files outside of the web root.

tags | exploit, web, root
MD5 | 0953890bc1299e7b8cb0e44e8992b42d

Related Files

OpenSIS 'modname' PHP Code Execution
Posted Dec 23, 2013
Authored by EgiX | Site metasploit.com

This Metasploit module exploits a PHP code execution vulnerability in OpenSIS versions 4.5 to 5.2 which allows any authenticated user to execute arbitrary PHP code under the context of the web-server user. The 'ajax.php' file calls 'eval()' with user controlled data from the 'modname' parameter.

tags | exploit, web, arbitrary, php, code execution
advisories | CVE-2013-1349
MD5 | da99d91f8a19ec46699763b1e01053d4

Secunia Security Advisory 44856
Posted Jun 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - AutoSec Tools has discovered a vulnerability in Storecalc Simple web-server, which can be exploited by malicious people to disclose sensitive information.

tags | advisory, web
MD5 | 3ac62f01e0066367d364cc3f62988a94

Simple Web Content Management System 1.21 SQL Injection
Posted Feb 1, 2011
Authored by AutoSec Tools | Site autosectools.com

Simple Web Content Management System version 1.21 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, web, sql injection, bypass
MD5 | 69c826accb73128a8b3e462cebe99658

Core Security Technologies Advisory 2010.1018
Posted Nov 11, 2010
Authored by Core Security Technologies, Aureliano Calvo | Site coresecurity.com

Core Security Technologies Advisory - A security vulnerability was discovered in LANDesk Management Suite: The Landesk web application does not sufficiently verify if a well-formed request was provided by the user who submitted the request. Using this information an external remote attacker can run arbitrary code using the 'gsbadmin' user (that is the user running the web-server). In order to be able to successfully make the attack, the administrator must be logged in to the appliance with the browser that the attacker uses to make the attack (for instance, exploiting an XSS in a different tab in the browser).

tags | exploit, remote, web, arbitrary
advisories | CVE-2010-2892
MD5 | 2412d34e2de095ab25c8443ce011e238

Debian Linux Security Advisory 1075-1
Posted May 29, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1075-1: Hendrik Weimer discovered that awstats can execute arbitrary commands under the user id the web-server runs when users are allowed to supply arbitrary configuration files. Even though this bug was referenced in DSA 1058 accidentally, it was not fixed yet.

tags | advisory, web, arbitrary
systems | linux, debian
MD5 | ac4a8ef7ad9eb83121f837629984afa1

iDEFENSE Security Advisory 2005-11-10.3
Posted Nov 12, 2005
Authored by iDefense Labs, Maciej Piotr Falkiewicz | Site idefense.com

iDEFENSE Security Advisory 11.10.05 - Remote exploitation of an input validation vulnerability in Tikiwiki could allow attackers to gain access to arbitrary files on the vulnerable system and execute arbitrary code under the privileges of the underlying web-server. iDEFENSE has confirmed the existence of this issue in Tikiwiki versions 1.8.4 and 1.8.5. It is suspected that earlier versions are vulnerable as well. This vulnerability differs from the one described in 11.10.05-2.

tags | advisory, remote, web, arbitrary
advisories | CVE-2005-1925
MD5 | 47835603e7c06341c2a11e459c9dba04

iDEFENSE Security Advisory 2005-11-10.2
Posted Nov 12, 2005
Authored by iDefense Labs, codeauditor | Site idefense.com

iDEFENSE Security Advisory 11.10.05 - Remote exploitation of an input validation vulnerability in Tikiwiki allows attackers to gain access to arbitrary files on the vulnerable system under the privileges of the underlying web-server. iDEFENSE has confirmed the existence of this issue in Tikiwiki versions 1.8.4 and 1.8.5. It is suspected that earlier versions are vulnerable as well.

tags | advisory, remote, web, arbitrary
advisories | CVE-2005-1925
MD5 | e31423205e3c5f4e30d67fab6422c2f0

trafdisp.tgz
Posted Apr 6, 2001
Site thegod.bsd.org.il

Trafdisp is a sniffer which allows you to monitor the amount of incoming/outgoing KBps on a selected network interface(s) from at least one machine. It allows a network administrator to monitor the traffic that is generated by all the hosts on the network. The traffic is viewable in neat graphs that are generated by a PHP-enabled Web-server. The logs are stored in a MySQL table.

tags | tool, web, php, sniffer
MD5 | b38a9aa186a68fb96025ab683a900709

iss.summary.6.4
Posted Mar 13, 2001
Site xforce.iss.net

ISS Security Alert Summary for March 5, 2001 - Volume 6 Number 4. 90 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: a1-server-dos, a1-server-directory-traversal, webreflex-web-server-dos, sedum-http-dos, tru64-inetd-dos, outlook-vcard-bo, ultimatebb-cookie-member-number, ultimatebb-cookie-gain-privileges, sendmail-elevate-privileges, jre-jdk-execute-commands, licq-remote-port-dos, pgp4pine-expired-keys, chilisoft-asp-view-files, win2k-domain-controller-dos, asx-remote-dos, vshell-port-forwarding-rule, pi3web-isapi-bo, pi3web-reveal-path, bajie-execute-shell, bajie-directory-traversal, resin-directory-traversal, netware-mitm-recover-passwords, firebox-pptp-dos, hp-virtualvault-iws-dos, kicq-execute-commands, hp-text-editor-bo, sendtemp-pl-read-files, analog-alias-bo, elm-long-string-bo, winnt-pptp-dos, startinnfeed-format-string, his-auktion-cgi-url, wayboard-cgi-view-files, muskat-empower-url-dir, icq-icu-rtf-dos, commerce-cgi-view-files, roads-search-view-files, webpage-cgi-view-info, webspirs-cgi-view-files, webpals-library-cgi-url, cobol-apptrack-nolicense-permissions, cobol-apptrack-nolicense-symlink, vixie-crontab-bo, novell-groupwise-bypass-policies, infobot-calc-gain-access, linux-sysctl-read-memory, openssh-bypass-authentication, lotus-notes-stored-forms, linux-ptrace-modify-process, ssh-deattack-overwrite-memory, dc20ctrl-port-bo, ja-xklock-bo, ja-elvis-elvrec-bo, ko-helvis-elvrec-bo, serverworx-directory-traversal, ntlm-ssp-elevate-privileges, ssh-session-key-recovery, aolserver-directory-traversal, chilisoft-asp-elevate-privileges, win-udp-dos, ssh-daemon-failed-login, picserver-directory-traversal, biblioweb-directory-traversal, biblioweb-get-dos, ibm-netcommerce-reveal-information, win-dde-elevate-privileges, hsweb-directory-browsing, sedum-directory-traversal, free-java-directory-traversal, goahead-directory-traversal, gnuserv-tcp-cookie-overflow, xmail-ctrlserver-bo, 
netscape-webpublisher-acl-permissions, cups-httpgets-dos, prospero-get-pin, and prospero-weak-permissions.

tags | java, remote, web, overflow, shell, cgi, udp, tcp, vulnerability, asp
systems | linux, windows, nt
MD5 | 87e919b0a44856d6e6e0f4352a15d142

cisconuke.c
Posted May 23, 2000
Site hack.co.za

cisconuke.c reboots cisco routers which have the web-server interface open by sending invalid data to port 80.

tags | web
systems | cisco
MD5 | 6a5bc7332aeab4221a5c92bf3bcd7bf4

S-96-22.asc
Posted Jan 10, 2000

Subject CERN Web-server 3.0 Date 16-May-96

tags | web
MD5 | 3df91f6654e0c2aa0962286702f1495a

swish-E.txt
Posted Aug 17, 1999

Swish search engine vulnerabilities could allow remote access to the web-server as the user that the server is running as.

tags | exploit, remote, web, vulnerability
MD5 | d3a04a437c8eb1c74fa6641b5a2992e6