STG Security Advisory: Discuz! does not properly check extensions of uploaded files, so malicious attackers can upload a file with multiple extensions such as attach.php.php.php.php.rar to a web server. This can be exploited to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user. Versions 4.0.0 rc4 and prior are affected.
STG Security Advisory: JSBoard versions 2.0.9 and below suffer from an input validation flaw that allows for arbitrary file reading.
STG Security Advisory: GForge versions 3.3 and below are susceptible to directory traversal attacks.
STG Security Advisory: An input validation flaw in ZeroBoard can allow malicious attackers the ability to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.
STG Security Advisory: An input validation flaw in GNUBoard versions 3.40 and below can allow malicious attackers to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.
STG Security Advisory: An input validation flaw in ZeroBoard versions 4.1pl4 and below can allow malicious attackers the ability to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.
STG Security Advisory: MediaWiki versions 1.3.8 and below have an input validation flaw that can allow malicious attackers the ability to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.
STG Security Advisory: phpBB Attachment Mod is a file upload module for phpBB. However, an input validation flaw can allow malicious attackers to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user. Attachment module 2.3.10 and below is susceptible.
STG Security Advisory: JSBoard is one of the widely used web BBS applications in Korea. However, an input validation flaw can allow malicious attackers the ability to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.
STG Security Advisory: MoniWiki is susceptible to a file upload flaw due to a mishandling of multiple file extensions.
STG Security Advisory: GNUBoard versions 3.39 and below suffer from a PHP injection vulnerability that allows for arbitrary command execution.
STG Security Advisory: UseModWiki is susceptible to a cross site scripting flaw.
STG Security Advisory: Due to an input validation flaw, Zwiki is vulnerable to cross site scripting attacks.
STG Security Advisory: Due to an input validation flaw, JSPWiki is vulnerable to cross site scripting attacks.
STG Security Advisory: KorWeblog suffers from a directory traversal vulnerability that lets malicious attackers get file lists of arbitrary directories.
STG Security Advisory: cscope is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running it, which could be root.
Due to an input validation flaw, MoniWiki versions 1.0.8 and below are vulnerable to cross site scripting attacks.
BBS E-Market Professional suffers from path disclosure, file download, file disclosure, user authentication bypass, and PHP source injection vulnerabilities. BBS E-Market patch level bf_130, version 1.3.0, and below are affected.
InfronTech's J2EE Web Application Server, WebTide v7.04 and below has a directory traversal vulnerability.
STG Security Advisory SSA-20030902-04: A control vulnerability exists in Wrapsody Viewer version 3.0 that allows a malicious user to bypass the copy and paste restriction.
STG Security Advisory SSA-20030701-02: Verity's K2 Toolkit has a cross site scripting vulnerability in its Query Builder.
STG Security Advisory SSA-20030701-03: ezTrans Server, the popular portal software used throughout Korea, lacks input validation in the file download module. Due to this, a remote attacker can download any file on the system that the webserver uid can access.
STG Security Advisory SSA-20030701-02 - The Verity K2 Toolkit Query Builder suffers from a cross site scripting vulnerability.
STG Security Advisory - Java Enterprise User Solution, or JEUS, has a cross site scripting vulnerability issue when invoking non-existent URLs.