114 matches found
Immunity Canvas: ZENCART_REMOTE
Name| zencartremote ---|--- CVE| CVE-2009-2255 Exploit Pack| CANVAS Description| zencartremote Notes| Repeatability: Infinite CVE URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2255 VENDOR: www.zen-cart.com/ CVSS: 6.8 CVE Name: CVE-2009-2255...
CVE-2009-2255
Zen Cart 1.3.8a, 1.3.8 and earlier are affected by an authentication bypass in admin/record_company.php that allows remote code execution. The vulnerability occurs because admin authentication is not enforced for that module; an attacker can upload a PHP file via the record_company_image paramete...
CVE-2008-2255
Microsoft Internet Explorer 5.01, 6, and 7 suffer a memory corruption vulnerability (uninitialized memory) that can lead to a denial of service and remote code execution via unknown vectors. The connected advisories associate CVE-2008-2255 with MS08-045 (Cumulative Security Update for Internet Ex...
MS08-045: Cumulative Security Update for Internet Explorer (953838)
The remote host is missing the IE cumulative security update 953838. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid33874;...
CVE-2002-2255
The CVE-2002-2255 entry describes an XSS vulnerability in phpBB 2.0.3 and possibly earlier versions. The issue enables remote attackers to inject arbitrary web script or HTML via the search_username parameter in the searchuser mode, potentially compromising user sessions or data integrity. Accord...
Remote file inclusion
PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insertlink.php in download engine Download-Engine 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spawroot parameter, a different vector than CVE-2007-2255. NOTE: this may be an issue in...
CVE-2007-2255
Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the 1 engdir parameter to addmember.php, 2 langpath parameter to admin/enginelib/class.phpmailer.php, and the 3 spawroot parameter to...
CVE-2007-2255
Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the 1 engdir parameter to addmember.php, 2 langpath parameter to admin/enginelib/class.phpmailer.php, and the 3 spawroot parameter to...
CVE-2007-2255
CVE-2007-2255 affects Download-Engine 1.4.3 and describes multiple PHP remote file inclusion vulnerabilities. The vulnerabilities allow an attacker to supply a URL in parameters (eng_dir to addmember.php, lang_path to admin/enginelib/class.phpmailer.php, and spaw_root to admin/includes/spaw/dialo...
CVE-2006-2255
The CVE-2006-2255 entry concerns Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier. Affected parameters include article_id (ArticleView.php), forum_id (DiscView.php or Discussions.php), event_id (EventView.php), AddVote and answer_id (PollResults.php), and mid (D...
CVE-2005-2255
CVE-2005-2255 describes a directory traversal in PhpAuction 2.5 where an attacker can manipulate the lan parameter in index.php or admin/index.php to read arbitrary files, include local PHP files, or glean sensitive path information. The root cause is improper validation of the lan parameter allo...
CVE-2004-2255
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename...
phpMyFAQ index.php action Parameter Local File Inclusion
The version of phpMyFAQ on the remote host contains a flaw that may lead to an unauthorized information disclosure. The problem is that user input passed to the 'action' parameter is not properly verified before being used to include files, which could allow a remote attacker to view any accessib...
CVE-2002-2255
Cross-site scripting XSS vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the searchusername parameter in searchuser mode...