CVE-2006-0817

Absolute path directory traversal vulnerability in a MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and b VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the 1 language parameter in...

CVE-2006-0818

Absolute path directory traversal vulnerability in 1 MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and 2 VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname i...

DEBIAN-CVE-2006-3360

Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. dot dot sequence and a trailing null %00 byte in the lng parameter, which will display a different error message if the file exists...

Directory traversal

Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the language parameter...

phpWebFTP index.php language Parameter Local File Inclusion

The remote host is running phpWebFTP, a web-based FTP client written in PHP. The version of phpWebFTP installed on the remote host fails to sanitize user-supplied input to the 'language' parameter of the 'index.php' script before using it in a PHP 'include' function. An unauthenticated attacker m...

CVE-2006-1114

Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. dot dot and trailing %00 NULL byte in the 1 template and 2 page parameters in a index.php, and the 3 language parameter in b inc/backendsettings.php...

CVE-2006-0802

Cross-site scripting XSS vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magicquotesgpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation...

DEBIAN-CVE-2006-0518

Cross-site scripting XSS vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 5539 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

CVE-2005-4558

IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include...

CVE-2005-4558

CVE-2005-4558 affects IceWarp Web Mail 5.5.1 (used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). The issue arises in mail/index.html where the language parameter lang_settings is not properly restricted before storage in the database, allowing remote authenticated users to ...

CVE-2005-4250

Directory traversal vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to read arbitrary files via the language parameter...

CVE-2005-4250

Directory traversal vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to read arbitrary files via the language parameter...

CVE-2005-1925

Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via 1 the suckurl parameter to tiki-editpage.php or 2 language parameter to tiki-userpreferences.php...

CVE-2005-2607

The CVE concerns Simplicity oF Upload’s download.php where the language parameter can trigger a local/remote file inclusion (LFI) due to insufficient input sanitization. Affected software is the Simplicity oF Upload PHP script; vulnerability resides in download.php prior to version 1.3.1. Consequ...

CVE-2005-2607

PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null "%00" characters...

CVE-2005-2607

PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null "%00" characters...

CVE-2005-2567

PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter...

simplicityRemote.txt

--------------Boundary-00=B6O8YHI1VA4000000000 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable 26/07/2005 16.09.18=0D =0D Simplicity OF Upload 1.3 possibly prior versons remote code execution =0D & cross site scripting=0D =0D software: =0D author site:...

CVE-2005-2061

Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null %00 byte...

CVE-2005-0443

index.php in CubeCart 2.0.4 allows remote attackers to 1 obtain the full path for the web server or 2 conduct cross-site scripting XSS attacks via an invalid language parameter, which echoes the parameter in a PHP error message...