118 matches found
CVE-2010-2005
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine DLE 8.3 allow remote attackers to execute arbitrary PHP code via a URL in 1 the selectedlanguage parameter to engine/inc/include/init.php, 2 the configlangs parameter to engine/inc/help.php, 3 the configlang parameter to...
CVE-2010-2005
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine DLE 8.3 allow remote attackers to execute arbitrary PHP code via a URL in 1 the selectedlanguage parameter to engine/inc/include/init.php, 2 the configlangs parameter to engine/inc/help.php, 3 the configlang parameter to...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine DLE 8.3 allow remote attackers to execute arbitrary PHP code via a URL in 1 the selectedlanguage parameter to engine/inc/include/init.php, 2 the configlangs parameter to engine/inc/help.php, 3 the configlang parameter to...
CVE-2010-2005
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine DLE 8.3 allow remote attackers to execute arbitrary PHP code via a URL in 1 the selectedlanguage parameter to engine/inc/include/init.php, 2 the configlangs parameter to engine/inc/help.php, 3 the configlang parameter to...
CVE-2010-2005
CVE-2010-2005 affects DataLife Engine 8.3 with multiple PHP remote file inclusion (RFI) vulnerabilities that allow an attacker to execute arbitrary PHP code. The affected vectors are: (1) selected_language to engine/inc/include/init.php, (2) config[langs] to engine/inc/help.php, (3) config[lang] ...
Cross-Site Scripting уязвимость в Переходы для DataLife Engine
Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting уязвимости в модуле Переходы для DataLife Engine DLE. XSS: Это persistent XSS уязвимость. Которая позволяет провести атаку через заголовок Referer, в случае когда на сайте выводятся ссылки на непосредственные запросы в поисков...
Vulnerability in Referer for DataLife Engine
Hello Bugtraq! I want to warn you about security vulnerability in Referer module for DataLife Engine DLE. ----------------------------- Advisory: Vulnerability in Referer for DataLife Engine ----------------------------- URL: http://websecurity.com.ua/3942/ ----------------------------- Affected...
DataLife Engine 6.9 Cross Site Scripting
Hello Bugtraq! I want to warn you about security vulnerability in Referer module for DataLife Engine DLE. ----------------------------- Advisory: Vulnerability in Referer for DataLife Engine ----------------------------- URL: http://websecurity.com.ua/3942/ ----------------------------- Affected...
Vulnerabilities in DataLife Engine
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Abuse of Functionality и Insufficient Anti-automation уязвимостях в DataLife Engine DLE. Abuse of Functionality: http://site/index.php?do=register На странице регистрации функция "Проверить имя" позволяет выявить логины пользователей в системе...
Vulnerability in Tagcloud for DataLife Engine
Здравствуйте 3APA3A! Сообщаю вам о Cross-Site Scripting уязвимости в плагине Tagcloud для DataLife Engine DLE. Данная уязвимость идентична XSS уязвимости в 3D Cloud для Joomla http://websecurity.com.ua/3883/. Про миллионы флешек tagcloud.swf уязвимых к XSS атакам я упоминал в своей статье XSS...
DataLife Engine 8.3 - engineincincludeinit.php?selected_language Remote File Inclusion
DataLife Engine 8.3 - engineincincludeinit.php?selectedlanguage Remote File Inclusion source: https://www.securityfocus.com/bid/37851/info Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues...
DataLife Engine 8.3 - engineinchelp.php?config[langs] Remote File Inclusion
DataLife Engine 8.3 - engineinchelp.php?configlangs Remote File Inclusion source: https://www.securityfocus.com/bid/37851/info Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow a...
DataLife Engine 8.3 Remote File Inclusion
======================================================================================== | Title : DataLife Engine 8.3 RFI Vulnerability | Author : indoushka | email : [email protected] | Home : www.iq-ty.com/vb | Script Home :...
DataLife Engine 8.3 - engineajaxpm.php?config[lang] Remote File Inclusion
DataLife Engine 8.3 - engineajaxpm.php?configlang Remote File Inclusion source: https://www.securityfocus.com/bid/37851/info Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an...
DataLife Engine 8.3 - engineajaxaddcomments.php?_REQUEST[skin] Remote File Inclusion
DataLife Engine 8.3 - engineajaxaddcomments.php?REQUESTskin Remote File Inclusion source: https://www.securityfocus.com/bid/37851/info Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may...
DataLife Engine 8.3 - '/engine/ajax/addcomments.php?_REQUEST[skin]' Remote File Inclusion
source: https://www.securityfocus.com/bid/37851/info Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks a...
DataLife Engine 8.3 - '/engine/ajax/pm.php?config[lang]' Remote File Inclusion
source: https://www.securityfocus.com/bid/37851/info Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks a...
DataLife Engine 8.3 - '/engine/inc/include/init.php?selected_language' Remote File Inclusion
source: https://www.securityfocus.com/bid/37851/info Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks a...
DataLife Engine 8.3 - '/engine/inc/help.php?config[langs]' Remote File Inclusion
source: https://www.securityfocus.com/bid/37851/info Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks a...
CVE-2009-3055
PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine DLE 8.2 allows remote attackers to execute arbitrary PHP code via a URL in the dleconfigapi parameter...