Information disclosure
CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files...
CVE-2011-3719
CVE-2011-3719 — CodeIgniter 1.7.2 information disclosure. The vulnerability allows remote attackers to obtain the installation path by requesting a direct .php file, causing an error message that reveals sensitive path information (as shown by system/scaffolding/views/view.php and related files)...
codeigniter -- SQL injection vulnerability
The CodeIgniter changelog reports: An improvement was made to the MySQL and MySQLi drivers to prevent exposing a potential vector for SQL injection on sites using multi-byte character sets in the database client connection. An incompatibility in PHP versions 5.0.7 with mysql_set_charset creates a...
FreeBSD Ports: codeigniter
The remote host is missing an update to the system as announced in the referenced advisory. VID 0502c1cb-8f81-11df-a0bb-0050568452ac OpenVAS Vulnerability Test Description: Auto generated from VID 0502c1cb-8f81-11df-a0bb-0050568452ac Authors: Thomas Reinke Copyright: Copyright (c) 2010 E-Soft Inc...
FreeBSD Ports: codeigniter
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD : codeigniter -- file upload class vulnerability (0502c1cb-8f81-11df-a0bb-0050568452ac)
Derek Jones reports: A fix has been implemented for a security flaw in CodeIgniter 1.7.2. All applications using the File Upload class should install the patch to ensure that their application is not subject to a vulnerability. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive...
codeigniter -- file upload class vulnerability
Derek Jones reports: A fix has been implemented for a security flaw in CodeIgniter 1.7.2. All applications using the File Upload class should install the patch to ensure that their application is not subject to a vulnerability...
CodeIgniter 1.0 - 'BASEPATH' Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/38672/info CodeIgniter is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks are...
CodeIgniter 1.0 - BASEPATH Multiple Remote File Inclusions
CodeIgniter 1.0 - BASEPATH Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/38672/info CodeIgniter is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to...
CodeIgniter 1.0 Remote File Inclusion
CodeIgniter v1.0 Remote File Inclusion Vulnerability @package CodeIgniter @Version 1.0 @license http://codeigniter.com/userguide/license.html @link http://codeigniter.com Type : Remote File Inclusion Vulnerability Author: eidelweiss Date : 2010-02-13 Location: Indonesia...
CodeIgniter v1.0 Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. CodeIgniter v1.0 Remote File Inclusion Vulnerability @package CodeIgniter @Version 1.0 @license...
CodeIgniter Global XSS Filtering Bypass Vulnerability
CodeIgniter Global XSS Filtering Bypass Vulnerability Discovered by: Aung Khant, YGN Ethical Hacker Group, Myanmar http://yehg.net/ believe in full disclosure Product : CodeIgniter http://www.codeigniter.com Product...
FreeBSD Ports: codeigniter
The remote host is missing an update to the system as announced in the referenced advisory. VID 83574d5a-f828-11dd-9fdf-0050568452ac OpenVAS Vulnerability Test Description: Auto generated from VID 83574d5a-f828-11dd-9fdf-0050568452ac Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
FreeBSD Ports: codeigniter
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD : codeigniter -- arbitrary script execution in the new Form Validation class (83574d5a-f828-11dd-9fdf-0050568452ac)
znirkel reports: The eval function in _reset_post_array crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...
codeigniter -- arbitrary script execution in the new Form Validation class
znirkel reports: The eval function in _reset_post_array crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...
CRLF injection
CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header...
Cross site scripting
Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization by the xss_clean function...
Directory traversal
Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 before 20070628, when enable_query_strings is true, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter...