141 matches found
fuzzylime (cms) commsrss.php files[] Parameter Traversal Local File Inclusion
The remote host is running fuzzylime cms, a PHP-based content management system. The version of fuzzylime cms installed on the remote host fails to sanitize user-supplied input to the 'files' parameter of the 'commsrss.php' script before using it to include PHP code. Regardless of PHP's...
iDevSpot iSupport 1.8 - 'index.php' Local File Inclusion
source: https://www.securityfocus.com/bid/26961/info iSupport is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. This issue affects iSupport 1.8;...
Cross site scripting
Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page...
R-Viewer < 1.6.3768 Multiple Vulnerabilities
R-Viewer, a secure document viewer from remotedocs.com, is installed on the remote host. According to the registry, the installation of R-Viewer on the remote Windows host allows arbitrary code to be executed without a user's knowledge and stores unencrypted copies of previously-opened documents ...
WebIf - 'OutConfig' Local File Inclusion
source: https://www.securityfocus.com/bid/24516/info WebIf is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts...
XT:Commerce 3.04 - 'index.php' Local File Inclusion
source: https://www.securityfocus.com/bid/22698/info xt:Commerce is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. xt:Commerce 3.04 and prior...
PHPMyChat 0.140.15 - Languages.Lib.php Local File Inclusion
source: https://www.securityfocus.com/bid/20962/info phpMyChat is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files a...
Limbo CMS sql.php classes_dir Parameter Remote File Inclusion
The remote host is running Limbo CMS, a content-management system written in PHP. The version of Limbo CMS installed on the remote host fails to sanitize user-supplied input to the 'classes_dir' parameter of the 'classes/adodbt/sql.php' script before using it in PHP 'include_once' functions. Provid...
Mambo Open Source Multiple Vulnerabilities
The remote installation of Mambo Open Source fails to sanitize input to the 'mosusertemplate' cookie before using it to include PHP code from a local file. An unauthenticated attacker may be able to exploit this issue to view arbitrary files or to execute arbitrary PHP code on the affected host. ...
PHP Doc System 1.5.1 - Local File Inclusion
source: https://www.securityfocus.com/bid/15611/info PHP Doc System is prone to a local file-include vulnerability. This is due to the application's failure to properly sanitize user-supplied input. This may facilitate the unauthorized viewing of files and unauthorized execution of local PHP code...
cosmoshop81078.txt
author : l0om innate| @t | gmx.de WWW.EXCLUDED.ORG product: cosmoshop version: = 8.10.78 problem: 1. sql injection 2. cleartext passwords 3. view any file manuf.: www.cosmoshop.de what is cosmoshop cosmoshop is a commercial shop system written as a CGI. where is the problem 1. sql injection...
CVE-2004-2445
CVE-2004-2445: Directory traversal in Jaws 0.3 BETA index.php via the gadget parameter allows remote attackers to view arbitrary files using dot-dot sequences. This is documented in multiple sources (NVD/CVE records and Nessus-like disclosures) and confirms a file-read vulnerability in the early ...
W-Nailer 0.34
I accidentally discovered (while looking for vulnerabilities on someone else's site) a vulnerability in W-Nailer 0.34. Developer - http://wnailer.vddh.com/ Vulnerability: in the file scripts/thumb.php, file is not checked; as a result, it is possible to view any files on the site, something like a shell when viewing thumbnails. Example:...
Another buggy script in WebAPP v0.9.9.
Hello, . I have found another new vulnerability in WebAPP v0.9.9.. Arbitrary file viewing in WebAPP Web Automated Perl Portal System v0.9.9. Software / Application - WebAPP v0.9.9. Problem-Type - remote Vulnerability - ability to read files and view directories. Vendor -...
Remote Web Server Text File Viewing Vulnerability in WebLibs 1.0
Advisory: ========= Remote Web Server Text File Viewing Vulnerability in WebLibs 1.0 Author: ======= John Bissell A.K.A. HighT1mes Vendor Homepage: ================ http://awsd.com/ Date: ===== 12, 07, 2004 Severity: ========= High Overview: ========= WebLibs is a pretty popular simple little Per...
GLSA-200408-09 : Roundup: Filesystem access vulnerability
The remote host is affected by the vulnerability described in GLSA-200408-09 Roundup: Filesystem access vulnerability Improper handling of a specially crafted URL allows access to the server's filesystem, which could contain sensitive information. Impact : An attacker could view files owned by th...
CVE-2004-1742
Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter...
CVE-2002-1581
Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter...
Props 0.6.1 XSS and Remote File Viewing Vulnerability
Title: Props 0.6.1 XSS and Remote File Viewing Vulnerability. Software: Props 0.6.1 Vendor: http://props.sourceforge.net/ Platform: PHP4 and MySQL Description: PROPS is an open, extensible Internet publishing system designed specifically for periodicals such as newspapers and magazines who want t...
CVE-2004-0240
Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shopclosedfile argument to auth.php...