RadScripts RadLance 7.0 - popup.php Local File Inclusion
RadScripts RadLance 7.0 - popup.php Local File Inclusion source: https://www.securityfocus.com/bid/17975/info RadLance is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts. RadLance Gold 7.0 is reported affected by this issue...
RadScripts RadLance 7.0 - 'popup.php' Local File Inclusion
source: https://www.securityfocus.com/bid/17975/info RadLance is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts. RadLance Gold 7.0 is reported affected by this issue; other versions may also be vulnerable. !/usr/bin/perl...
[Full-disclosure] [TZO-042006] Insecure Auto-Update and File execution
Zango Adware - Insecure Auto-Update and File execution Reference : TZO-042006-Zango Author : Thierry Zoller Advisory : http://secdev.zoller.lu/research/zango.htm Shameless Plug : I would like to take the opportunity to invite you to the Security Conference known as "Hack.lu 2006" in the Grand-Duc...
Advanced Guestbook 2.x - 'Addentry.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/17745/info Advanced GuestBook for phpBB is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file...
Directory traversal
Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 through 1.1 allows remote attackers to include and execute arbitrary files via ".." sequences in the language cookie, as demonstrated by injecting the code into the glsession cookie of users.php, which is stored in error.log...
Monster Top List 1.4 - 'functions.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/17546/info Monster Top List is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...
Ubuntu 4.10 / 5.04 / 5.10 : kdegraphics, koffice, xpdf, cupsys, poppler, tetex-bin vulnerabilities (USN-270-1)
Derek Noonburg discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking a user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that...
CVE-2006-1243
CVE-2006-1243 affects Simple PHP Blog (SPB) up to version 0.4.7.1, via install05.php. The vulnerability is a local file inclusion triggered by improper handling of the blog_language parameter, allowing directory traversal and a NUL character to force inclusion of arbitrary local files (demonstrat...
[TZO-062006] Safe'nVulnerable
Safe'nSec - Insecure File execution and Auto-startup Ref : TZO-062006-SafenSec Author : Thierry Zoller WWW : http://secdev.zoller.lu Article : http://secdev.zoller.lu/research/safensec.htm I. Background "Safe'n'Sec is complex data and user applications protection against threats and vulnerabiliti...
CVE-2006-0785
Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive...
Digital Armaments Security Advisory 02.14.2006: Gallery web-based photo gallery remote file execution
Gallery web-based photo gallery remote file execution Digital Armaments advisory is 02.14.2006 http://www.digitalarmaments.com/2006140293402395.html I. Background Gallery is a slick Web-based photo album written using PHP. It is easy to install, includes a config wizard, and provides users with t...
Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT
Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG DIRECTORY + FILENAME EXPLOIT Found this 'bug' about 1 year n a half ago. If u drag and drop a folder containing 1 or more file from your computer into the nick of someone in your contact list it is possible to send a full directory... The possibility to...
ImageVue 0.16.1 - 'upload.php' Unrestricted Arbitrary File Upload
source: https://www.securityfocus.com/bid/16594/info ImageVue is prone to multiple vulnerabilities, including unauthorized uploading of files with arbitrary extensions, authentication bypass, information disclosure, and content injection. Successful exploitation could allow attackers to upload an...
EUVD-2003-1282
PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php...
cmd.asp some deformation-vulnerability warning-the black bar safety net
Here's the asp back door does not mean like those word Trojan, chop off, the ice Fox and the like b/s type, only refers to as cmd.asp or 2005a.asp. First, take a look zzzeva free fso cmd.asp The code is as follows: form method="post" input type=text name="cmd" size=6 0 input type=submit...
Tolva 0.1 - Usermods.php Remote File Inclusion
Tolva 0.1 - Usermods.php Remote File Inclusion source: https://www.securityfocus.com/bid/16000/info Tolva is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the...
Carello detection
Carello.dll was found on your web server. Versions up to 1.3 of this web shopping cart allowed anybody to run arbitrary commands on your server. Note that no attack was performed, and the version number was not checked, so this might be a false alert. OpenVAS Vulnerability Test $Id: carello.nasl...
CVE-2005-3375
Multiple interpretation error in Ikarus demo version allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a...
CVE-2005-3373
Multiple interpretation error in Dr.Web 4.32b allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangero...
CVE-2005-3381
Multiple interpretation error in Ukrainian National Antivirus UNA 1.83.2.16 with kernel 265 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe...