9763 matches found
CVE-2005-1866
Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter...
PT-2005-2822 · Calendarix · Calendarix Advanced
Name of the Vulnerable Software and Affected Versions: Calendarix Advanced version 1.5. Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the catview parameter to API endpoints such as "/cal week.php", "/cal cat.php", or "/cal day.php", or t...
CVE-2005-1797
The CVE describes a timing-side-channel vulnerability in AES (Rijndael) implementations: S-box lookups are difficult to perform in constant time, potentially allowing remote attackers to recover encryption keys. Documents cite the theoretical possibility of key recovery via timing analysis and re...
multiple vulnerability Calendarix Advanced
Advisory: 01-0005-15 title: multiple vulnerability Software: Calendarix Advanced Date: 28. April 2005 Web: http://www.calendarix.com/ - Affected software description: Webcalendar is a web software written in PHP and MySQL - Exploit: Include line 16 admin/caladmintop.php:includeonce...
PHP Advanced Transfer Manager < 1.22 File Upload Arbitrary Command Execution
Binary data 2933.prm...
PHP Advanced Transfer Manager 1.21 - Arbitrary File Inclusion
PHP Advanced Transfer Manager 1.21 - Arbitrary File Inclusion source: https://www.securityfocus.com/bid/13691/info PHP Advanced Transfer Manager is prone to an arbitrary file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An...
PHP Advanced Transfer Manager 1.21 - Arbitrary File Inclusion
source: https://www.securityfocus.com/bid/13691/info PHP Advanced Transfer Manager is prone to an arbitrary file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side...
CVE-2005-1604
CVE-2005-1604 affects PHP Advanced Transfer Manager (phpATM) 1.21. The vulnerability allows remote attackers to upload arbitrary files by crafting a filename with multiple extensions (e.g., ending in php.ns), enabling execution of arbitrary PHP code on the server. Connected sources corroborate a ...
CVE-2005-1548
CVE-2005-1548 is an SQL injection vulnerability in the index.php of Advanced Guestbook 2.3.1. The flaw occurs in the entry parameter, allowing remote attackers to execute arbitrary SQL commands. The underlying issue is an input validation flaw that fails to sanitize user input before database i...
CVE-2005-1548
SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary SQL commands via the entry parameter...
CVE-2003-1179
Summary of CVE-2003-1179 (Advanced Poll 2.0.2): The vulnerability consists of multiple PHP remote file inclusion flaws that allow an attacker to execute arbitrary PHP code. The issue is triggered via the include_path parameter in booth.php, png.php, poll_ssi.php, or popup.php, and the base_path p...
CVE-2003-1181
Advanced Poll 2.0.2 (PHP-based poll system) is affected. The vulnerability stems from info.php calling phpinfo(), allowing remote attackers to disclose sensitive information about the host PHP configuration. Exploitation is remote information disclosure; no patch/version remediation details are p...
CVE-2004-1952
The CVE-2004-1952 entry describes a SQL injection vulnerability in Advanced Guestbook 2.2. The vulnerability affects the product’s password handling, allowing remote attackers to execute arbitrary SQL commands and gain privileges. CVSS v2 base score is 7.5 (HIGH) with network attack vector, low a...
CVE-2004-1952
SQL injection vulnerability in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password...
CVE-2003-1179
Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php...
CVE-2003-1180
Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php, (2) admintplnew.php, (3) admintplmiscnew.php, (4)...
CVE-2003-1181
Advanced Poll 2.0.2 allows remote attackers to obtain sensitive information via an HTTP request to info.php, which invokes the phpinfo function...
CVE-2003-1180
CVE-2003-1180 describes a directory traversal vulnerability in Advanced Poll 2.0.2. The issue allows remote attackers to read arbitrary files or inject arbitrary local PHP files by using “..” sequences in the parameters base_path or pollvars[lang] when accessing admin scripts (1) index.php, (2) ...