141 matches found

Tenable Nessus
added 2008/07/18 12:0 a.m., 19 views

fuzzylime (cms) commsrss.php files[] Parameter Traversal Local File Inclusion

The remote host is running fuzzylime cms, a PHP-based content management system. The version of fuzzylime cms installed on the remote host fails to sanitize user-supplied input to the 'files' parameter of the 'commsrss.php' script before using it to include PHP code. Regardless of PHP's...

10 CVSS, 6.5 AI score, 0.08557 EPSS
Exploits 0, References 1

Exploit DB
added 2007/12/20 12:0 a.m., 21 views

iDevSpot iSupport 1.8 - 'index.php' Local File Inclusion

source: https://www.securityfocus.com/bid/26961/info iSupport is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. This issue affects iSupport 1.8;...

7.4 AI score
Exploits 0

Prion
added 2007/12/12 12:46 a.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page...

4.3 CVSS, 6.1 AI score, 0.03628 EPSS
Exploits 1, References 5, Affected Software 2

Tenable Nessus
added 2007/09/18 12:0 a.m., 46 views

R-Viewer < 1.6.3768 Multiple Vulnerabilities

R-Viewer, a secure document viewer from remotedocs.com, is installed on the remote host. According to the registry, the installation of R-Viewer on the remote Windows host allows arbitrary code to be executed without a user's knowledge and stores unencrypted copies of previously-opened documents ...

9.3 CVSS, 6.2 AI score, 0.04574 EPSS
Exploits 0, References 4

Exploit DB
added 2007/06/18 12:0 a.m., 29 views

WebIf - 'OutConfig' Local File Inclusion

source: https://www.securityfocus.com/bid/24516/info WebIf is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts...

7 AI score
Exploits 0

Exploit DB
added 2007/02/23 12:0 a.m., 22 views

XT:Commerce 3.04 - 'index.php' Local File Inclusion

source: https://www.securityfocus.com/bid/22698/info xt:Commerce is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. xt:Commerce 3.04 and prior...

7.4 AI score
Exploits 0

exploitpack
added 2006/11/08 12:0 a.m., 11 views

PHPMyChat 0.140.15 - Languages.Lib.php Local File Inclusion

PHPMyChat 0.140.15 - Languages.Lib.php Local File Inclusion source: https://www.securityfocus.com/bid/20962/info phpMyChat is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files a...

7.4 AI score
Exploits 0

Tenable Nessus
added 2006/05/03 12:0 a.m., 943 views

Limbo CMS sql.php classes_dir Parameter Remote File Inclusion

The remote host is running Limbo CMS, a content-management system written in PHP. The version of Limbo CMS installed on the remote host fails to sanitize user-supplied input to the 'classes_dir' parameter of the 'classes/adodbt/sql.php' script before using it in PHP 'include_once' functions. Provid...

6.4 CVSS, 5.9 AI score, 0.07921 EPSS
Exploits 0, References 1

Tenable Nessus
added 2006/03/27 12:0 a.m., 32 views

Mambo Open Source Multiple Vulnerabilities

The remote installation of Mambo Open Source fails to sanitize input to the 'mosusertemplate' cookie before using it to include PHP code from a local file. An unauthenticated attacker may be able to exploit this issue to view arbitrary files or to execute arbitrary PHP code on the affected host. ...

7.6 CVSS, 6.2 AI score, 0.05527 EPSS
Exploits 3, References 4

Exploit DB
added 2005/11/28 12:0 a.m., 24 views

PHP Doc System 1.5.1 - Local File Inclusion

source: https://www.securityfocus.com/bid/15611/info PHP Doc System is prone to a local file-include vulnerability. This is due to the application's failure to properly sanitize user-supplied input. This may facilitate the unauthorized viewing of files and unauthorized execution of local PHP code...

7.4 AI score
Exploits 0

Packet Storm
added 2005/08/31 12:0 a.m., 17 views

cosmoshop81078.txt

author : l0om innate| @t | gmx.de WWW.EXCLUDED.ORG product: cosmoshop version: = 8.10.78 problem: 1. sql injection 2. cleartext passwords 3. view any file maunuf.: www.cosmoshop.de what is cosmoshop cosmoshop is a commercial shop system written as a CGI. where is the problem 1. sql injection...

7.4 AI score
Exploits 0

CVE
added 2005/08/20 4:0 a.m., 56 views

CVE-2004-2445

CVE-2004-2445: Directory traversal in Jaws 0.3 BETA index.php via the gadget parameter allows remote attackers to view arbitrary files using dot-dot sequences. This is documented in multiple sources (NVD/CVE records and Nessus-like disclosures) and confirms a file-read vulnerability in the early ...

5 CVSS, 6.7 AI score, 0.08432 EPSS
Exploits 1, References 5, Affected Software 1

securityvulns
added 2005/06/22 12:0 a.m., 23 views

W-Nailer 0.34

While looking for vulnerabilities on someone else's site, I accidentally discovered a vulnerability in W-Nailer 0.34. Developer - http://wnailer.vddh.com/ Vulnerability: in the file scripts/thumb.php, file is not checked, and as a result it is possible to view any files on the site; when viewing thumbnails, something like a shell. Example:...

7.2 AI score
Exploits 0

securityvulns
added 2005/04/30 12:0 a.m., 28 views

Another buggy script in WebAPP v0.9.9.

Hello. I have found yet another new vulnerability in WebAPP v0.9.9. Viewing of arbitrary files in WebAPP Web Automated Perl Portal System v0.9.9. Software / Application - WebAPP v0.9.9. Problem-Type - remote Vulnerability - ability to read files and browse directories. Vendor -...

7.1 AI score
Exploits 0

securityvulns
added 2004/12/08 12:0 a.m., 37 views

Remote Web Server Text File Viewing Vulnerability in WebLibs 1.0

Advisory: Remote Web Server Text File Viewing Vulnerability in WebLibs 1.0. Author: John Bissell A.K.A. HighT1mes. Vendor Homepage: http://awsd.com/ Date: 12, 07, 2004. Severity: High. Overview: WebLibs is a pretty popular simple little Per...

Exploits 0

Tenable Nessus
added 2004/08/30 12:0 a.m., 25 views

GLSA-200408-09 : Roundup: Filesystem access vulnerability

The remote host is affected by the vulnerability described in GLSA-200408-09 Roundup: Filesystem access vulnerability Improper handling of a specially crafted URL allows access to the server's filesystem, which could contain sensitive information. Impact : An attacker could view files owned by th...

5 CVSS, 5.6 AI score, 0.08794 EPSS
Exploits 1, References 3

NVD
added 2004/08/24 4:0 a.m., 13 views

CVE-2004-1742

Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter...

5 CVSS, 6.7 AI score, 0.07176 EPSS
Exploits 1, References 5

Cvelist
added 2004/07/06 4:0 a.m., 27 views

CVE-2002-1581

Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter...

6.5 AI score, 0.0764 EPSS
Exploits 1, References 5

securityvulns
added 2004/05/02 12:0 a.m., 26 views

Props 0.6.1 XSS and Remote File Viewing Vulnerability

Title: Props 0.6.1 XSS and Remote File Viewing Vulnerability. Software: Props 0.6.1 Vendor: http://props.sourceforge.net/ Platform: PHP4 and MySQL Description: PROPS is an open, extensible Internet publishing system designed specifically for periodicals such as newspapers and magazines who want t...

Exploits 0

Cvelist
added 2004/03/18 5:0 a.m., 22 views

CVE-2004-0240

Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shopclosedfile argument to auth.php...

6.7 AI score, 0.01488 EPSS
Exploits 0, References 2