Lucene search

3632 matches found

Cvelist
added 2006/05/19 5:0 p.m. | 17 views

CVE-2006-2478

Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified backurl during an HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term...

AI score: 6.6 | EPSS: 0.01637
Exploits: 1 | References: 8

exploitpack
added 2006/04/25 12:0 a.m. | 13 views

PHPWebFTP 2.3 - Multiple Cross-Site Scripting Vulnerabilities

PHPWebFTP 2.3 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/17688/info phpWebFTP is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input using the HTTP 'POST'...

Exploits: 0

Prion
added 2006/03/21 2:6 a.m. | 20 views

Directory traversal

Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the archive parameter in an HTTP POST or COOKIE...

CVSS: 5 | AI score: 7.1 | EPSS: 0.01586
Exploits: 1 | References: 5 | Affected Software: 1

exploitpack
added 2006/03/18 12:0 a.m. | 10 views

ShoutLIVE 1.1.0 - savesettings.php Remote Code Execution

ShoutLIVE 1.1.0 - savesettings.php Remote Code Execution !/usr/bin/perl ShoutLIVE | +---------------------------------------------+ | Coded by DarkFig | +------------------+ ";exit sub headers print "\n +----------------------------------------------+ | ShoutLIVE "$host", PeerPort = "80", Proto =...

AI score: 8.1
Exploits: 0

Packet Storm
added 2006/03/08 12:0 a.m. | 33 views

EV0086.txt

New eVuln Advisory: Simple Machines Forum - SMF 'X-Forwarded-For' XSS Vulnerability http://evuln.com/vulns/86/summary.html --------------------Summary---------------- eVuln ID: EV0086 CVE: CVE-2006-0896 Software: Simple Machines Forum - SMF Software's Web Site: http://www.simplemachines.org/...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.01721
Exploits: 1

securityvulns
added 2006/03/08 12:0 a.m. | 28 views

[Full-disclosure] HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit

------------------------------------------------------ HYSA-2006-005 h4cky0u.org Advisory 014 ------------------------------------------------------ Date - Wed March 08 2006 TITLE: ====== WordPress 2.0.1 Remote DoS Exploit SEVERITY: ========= Medium SOFTWARE: ========= Wordpress 2.0.1 and prior...

AI score: 7.2
Exploits: 0

Packet Storm
added 2006/02/20 12:0 a.m. | 24 views

siteframe_5.0.2_xss.txt

Siteframe Beaumont 5.0.2 == User Comment Cross-Site Scripting Vulnerability Information of Software: Software: Siteframe Beaumont 5.0.1a Site: http://www.siteframe.org/ Description of software: Siteframe is a lightweight content-management system designed for the rapid deployment of community-bas...

AI score: 7.4
Exploits: 0

exploitpack
added 2006/02/11 12:0 a.m. | 13 views

LinPHA 0.9.x/1.0 - forth_stage_install.php Local File Inclusion

LinPHA 0.9.x/1.0 - forth_stage_install.php Local File Inclusion source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'include_once' PHP function in...

AI score: 7.4
Exploits: 0

Exploit DB
added 2006/02/11 12:0 a.m. | 25 views

LinPHA 0.9.x/1.0 - 'forth_stage_install.php' Local File Inclusion

source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'include_once' PHP function in multiple scripts. The PHP code-injection vulnerabilities are d...

AI score: 7.4
Exploits: 0

myhack58
added 2006/01/31 12:0 a.m. | 23 views

With a Winsock implementation on the website of the database data injection-vulnerability warning-the black bar safety net

In writing this article before, it is necessary to "inject" one word describes it. The difference to the usual SQL injection, where the injection actually just construct an HTTP request packet to a program instead of a WEB page is submitted, data is automatically submitted. Hey, speaking of which, I...

AI score: 7.2
Exploits: 0

CVE
added 2006/01/14 1:0 a.m. | 53 views

CVE-2005-3655

CVE-2005-3655 describes a heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) for SUSE Linux Enterprise Server 9. The vulnerability arises from improper handling of HTTP POST requests with a negative Content-Length, allowing an unauthenticated attacker to injec...

CVSS: 7.5 | AI score: 8 | EPSS: 0.05584
Exploits: 1 | References: 8 | Affected Software: 1

Prion
added 2006/01/13 11:3 p.m. | 11 views

Code injection

Dave Nielsen and Patrick Breitenbach PayPal Web Services aka PHP Toolkit 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipnsuccess.php...

CVSS: 5 | AI score: 7.4 | EPSS: 0.01491
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2006/01/13 11:3 p.m. | 18 views

CVE-2006-0201

Dave Nielsen and Patrick Breitenbach PayPal Web Services aka PHP Toolkit 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipnsuccess.php...

CVSS: 5 | AI score: 6.9 | EPSS: 0.01491
Exploits: 0 | References: 6

Cvelist
added 2006/01/13 11:0 p.m. | 18 views

CVE-2006-0201

Dave Nielsen and Patrick Breitenbach PayPal Web Services aka PHP Toolkit 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipnsuccess.php...

AI score: 6.9 | EPSS: 0.01491
Exploits: 0 | References: 6

EUVD
added 2005/11/16 9:17 p.m. | 4 views

EUVD-2002-2149

Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.04735
Exploits: 1 | References: 3

CVE
added 2005/11/16 9:17 p.m. | 50 views

CVE-2002-2170

The CVE affects BadBlue Enterprise Edition versions 1.7–1.74. The root cause is insufficient authentication when it attempts to restrict administrator actions to the localhost IP, allowing a remote attacker to trigger arbitrary code execution via an HTTP POST to the dir.hts page on localhost, which can ...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.04735
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2005/11/16 7:42 a.m. | 11 views

CVE-2005-3594

game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables...

CVSS: 5 | AI score: 6.6 | EPSS: 0.01041
Exploits: 0 | References: 2

NVD
added 2005/11/16 7:42 a.m. | 11 views

CVE-2005-3557

Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. dot dot in the selected%5B%5D parameter in an HTTP POST request...

CVSS: 5 | AI score: 6.8 | EPSS: 0.02198
Exploits: 1 | References: 6

CVE
added 2005/11/16 7:37 a.m. | 45 views

CVE-2005-3594

CVE-2005-3594 concerns the web app component game_score.php in the content management system e107. The vulnerability allows remote attackers to insert high scores by sending HTTP POST data that supplies the variables $player_name, $player_score, and $game_name. The available sources describe ...

CVSS: 5 | AI score: 7 | EPSS: 0.01041
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2005/11/16 7:37 a.m. | 19 views

CVE-2005-3594

game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables...

AI score: 6.6 | EPSS: 0.01041
Exploits: 0 | References: 2