jetlib.sec » Tags » file-uploads

Feeds

133354 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

7 items tagged "file uploads"

Related tags: ubuntu [+], server request [+], security [+], notice [+], confidential data [+], sst [+], sheller [+], php shell [+], php [+], photograph images [+], photograph [+], malicious users [+], file [+], avatar [+]

• October 16, 2011
• 10:22

  PHP SST Sheller 1.0

   » ‎ Packet Storm Security Tools
  This is simply a PHP shell with a bunch of features like spoofing mail, file uploads, and more.

  Tags:  sst sheller php php-shell file-uploads  

• 10:22

  PHP SST Sheller 1.0

   » ‎ Packet Storm Security Tools
  This is simply a PHP shell with a bunch of features like spoofing mail, file uploads, and more.

  Tags:  sst sheller php php-shell file-uploads  

• February 18, 2011
• 9:09

  Ubuntu Security Notice USN-1066-1

   » ‎ Packet Storm Security Advisories
  Ubuntu Security Notice 1066-1 - It was discovered that Django did not properly validate HTTP requests that contain an X-Requested-With header. An attacker could exploit this vulnerability to perform cross-site request forgery (CSRF) attacks. It was discovered that Django did not properly sanitize its input when performing file uploads, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

  Tags:  ubuntu notice security server-request confidential-data file-uploads  

• 9:09

  Ubuntu Security Notice USN-1066-1

   » ‎ Packet Storm Security Recent Files
  Ubuntu Security Notice 1066-1 - It was discovered that Django did not properly validate HTTP requests that contain an X-Requested-With header. An attacker could exploit this vulnerability to perform cross-site request forgery (CSRF) attacks. It was discovered that Django did not properly sanitize its input when performing file uploads, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

  Tags:  ubuntu notice security server-request confidential-data file-uploads  

• 9:09

  Ubuntu Security Notice USN-1066-1

   » ‎ Packet Storm Security Misc. Files
  Ubuntu Security Notice 1066-1 - It was discovered that Django did not properly validate HTTP requests that contain an X-Requested-With header. An attacker could exploit this vulnerability to perform cross-site request forgery (CSRF) attacks. It was discovered that Django did not properly sanitize its input when performing file uploads, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

  Tags:  ubuntu notice security server-request confidential-data file-uploads  

• April 19, 2010
• 18:00

  secunia-e107apifu.txt

   » ‎ Packet Storm Security Recent Files
  Secunia Research has discovered a vulnerability in e107, which can be exploited by malicious users to compromise a vulnerable system. An error exists in the handling of file uploads for avatar and photograph images. This can be exploited to upload and execute arbitrary PHP code via a specially crafted image file with a .php.filetypesphp extension. Successful exploitation requires that Public Uploads are disabled (default), but uploads for avatar or photograph images for users are enabled, and a certain server configuration (e.g. an Apache server with the mod_mime module installed).e107 version 0.7.19 is affected.

  Tags:  avatar file photograph photograph-images file-uploads malicious-users  

• 18:00

  secunia-e107apifu.txt

   » ‎ Packet Storm Security Advisories
  Secunia Research has discovered a vulnerability in e107, which can be exploited by malicious users to compromise a vulnerable system. An error exists in the handling of file uploads for avatar and photograph images. This can be exploited to upload and execute arbitrary PHP code via a specially crafted image file with a .php.filetypesphp extension. Successful exploitation requires that Public Uploads are disabled (default), but uploads for avatar or photograph images for users are enabled, and a certain server configuration (e.g. an Apache server with the mod_mime module installed).e107 version 0.7.19 is affected.

  Tags:  avatar file photograph photograph-images file-uploads malicious-users