2123 matches found
Verlihub Control Panel <= 1.7.x Local File Inclusion Vulnerability
No description provided by source. Verlihub Control Panel v 1.7 PHP 4.x Local File Inclusion http://vhcp.verlihub- project.org/ Bug Found By Methodman From TEAMELITE - dchub.nemesis.te-home.net:4120 Bug: Line: 27 - iniset"magicquotesgpc","1"; ............................ Line: 71 - $pagename =...
Verlihub Control Panel 1.7.x - Local File Inclusion
Verlihub Control Panel 1.7.x - Local File Inclusion Verlihub Control Panel v 1.7 PHP 4.x Local File Inclusion http://vhcp.verlihub- project.org/ Bug Found By Methodman From TEAMELITE dchub.nemesis.te-home.net:4120 Bug: Line: 27 - iniset"magicquotesgpc","1"; ............................ Line: 71 -...
Verlihub Control Panel <= 1.7.x Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications ================================================================== Verlihub Control Panel dchub.nemesis.te-home.net:4120 Bug: Line: 27 - iniset"magicquotesgpc","1"; ............................ Line: 71 - $pagename = isset$GET'page' ?...
Verlihub Control Panel 1.7.x - Local File Inclusion
Verlihub Control Panel v 1.7 PHP 4.x Local File Inclusion http://vhcp.verlihub- project.org/ Bug Found By Methodman From TEAMELITE dchub.nemesis.te-home.net:4120 Bug: Line: 27 - iniset"magicquotesgpc","1"; ............................ Line: 71 - $pagename = isset$GET'page' ? $GET'page' :...
hackersafe-plesk.txt
HackerSafe Labs - Security Advisory http://www.hackersafelabs.com SWsoft Plesk for Windows - SQL Injection Vulnerability Date: 9-11-07 Vendor: www.swsoft.com Package: Plesk for Windows Versions: v7.6.1, v8.1.0, v8.1.1, v8.2.0 Vendor Demo: https://plesk8.1win.demo.swsoft.com:8443/login.php3 Credit...
Directory traversal
Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence...
CVE-2007-4723
CVE-2007-4723 affects Ragnarok Online Control Panel 4.3.4a when used with the Apache HTTP Server. The vulnerability is a directory traversal that allows remote attackers to bypass authentication via crafted URIs ending with publicly accessible pages, demonstrated by a "/...../" sequence and an ac...
CVE-2007-4723
Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence...
CVE-2005-4861
Ragnarok Online Control Panel (ROCP) 4.3.4a is affected by CVE-2005-4861. The vulnerability arises in functions.php where CHECK_AUTH mishandles a trailing "/login.php" in PHP_SELF, allowing remote attackers to bypass authentication when accessing account_manage.php. Reported impact is authenticat...
CVE-2005-4861
functions.php in Ragnarok Online Control Panel ROCP 4.3.4a allows remote attackers to bypass authentication by requesting accountmanage.php with a trailing "/login.php" PHPSELF value, which is not properly handled by the CHECKAUTH function...
VHCS PHPSESSID Cookie Session Fixation
The remote host is running VHCS, a control panel for hosting providers. The GUI portion of the version of VHCS installed on the remote host accepts session identifiers from GET and likely POST variables, which makes it susceptible to a session fixation attack. An attacker may be able to exploit...
CVE-2007-4588
Multiple cross-site scripting XSS vulnerabilities in InterWorx Hosting Control Panel InterWorx-CP Server Admin Level NodeWorx 3.0.2 1 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php; and allow remote authenticated users to inject arbitrary web script or...
CVE-2007-4589
CVE-2007-4589 describes multiple XSS vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2. The issue allows injection of arbitrary script/HTML by manipulating PATH_INFO to index.php and to a set of scripts (siteworx.php, users.php, ftp.php, mysql.php,...
PhpHostBot <= 1.06 (svr_rootscript) Remote File Inclusion Vulnerability
No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV83$2007 ----------------------------------------------------------------------------------------- ECHOADV83$2007 PhpHostBot = 1.06 svrrootscript Remote File Inclusion...
Design/Logic Flaw
user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upgrade substrings, possibly related to PayPa...
CVE-2007-4143
user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upgrade substrings, possibly related to PayPa...
CVE-2007-4143
user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upgrade substrings, possibly related to PayPa...
CVE-2007-4143
CVE-2007-4143 affects the phpCoupon Billing Control Panel (user.php). Affected: remote authenticated users can upgrade to Premium Member status by modifying a URL that includes a specific billing parameter and the substrings REQ=auth, status=success, and custom=upgrade; this may also relate to Pa...
CVE-2007-3120
Cross-site scripting XSS vulnerability in public/code/cpdpage.php in All In One Control Panel AIOCP before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocpdp parameter. NOTE: some of these details are obtained from third party information...
miniwebshop2-xss.txt
-=--------------------ADVISORY-------------------=- Mini Web Shop V.2 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mini Web Shop -=+ Version: 2 -=+ Vendor's URL: http://obiewebsite.sourceforge.net/o.php?MiniWebShop -=+ Platform:...