n.runs-SA-2007.005 - PHProjekt 5.2.0 - Cross Site Request Forgery
n.runs AG http://www.nruns.com/ security at nruns.com n.runs-SA-2007.005 14-Mar-2007 Vendor: Mayflower GmbH, http://www.mayflower.de Affected Products: PHProjekt 5.2.0 Vulnerability: Cross Site Request Forgery Risk: HIGH Vendor communication: 2006/12/31 initial notification of Mayflower 2007/01/0...
CVE-2007-1240
Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information ...
CVE-2007-1240
CVE-2007-1240 involves multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5. The flaws allow remote attackers to inject arbitrary web script or HTML via specific parameters: (1) searchkey to index.php, and (2) sn or (3) ri to modules/htmlframechat/index.php. The d...
PT-2007-1918 · Apache +2 · Apache Tomcat +3
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server and Tomcat versions prior to 5.5.22 and 6.0.10 Tomcat versions prior to 5.5.22 and 6.0.10 Description: The issue allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) ...
CVE-2007-1159
Cross-site scripting (XSS) vulnerability in modules/out.php in Pyrophobia 2.1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Design/Logic Flaw
Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors...
CVE-2007-1035
The CVE-2007-1035 issue affects getID3 (1.7.1) as used with Drupal Mediafield/Audio modules. The remote vulnerabilities reside in the package’s demo scripts, enabling an unauthenticated attacker to read/delete arbitrary files, list directories, write files (including .mp3) and potentially execute...
Remote file inclusion
PHP remote file inclusion vulnerability in modules/mail/index.php in phpCOIN RC-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CCFG'PKGPATHMDLS' parameter. NOTE: this issue has been disputed by a reliable third party, who states that a fatal error occurs befo...
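Virtual Host Administrator Modules_Dir Remote File Inclusion Vulnerability
Virtual Host Administrator is a PHP-based web application. Virtual Host Administrator does not properly filter user-supplied input, and a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The problem is that the 'main.php' script does not filter the user-supplied 'MODULES_DIR' parameter; specifying a file on a remote server as the include parameter can lead to arbitrary command execution with the privileges of the web server. Inter7 vhostadmin 0.1 No solution is currently available: http://www.inter7.com/index.php?page=vhostadmin...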
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via a certain "fields on project nodes" or...
CVE-2007-0534
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via a certain "fields on project nodes" or...
phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability
phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability Script: phpCOIN Version: RC-1 URL: http://www.phpcoin.com/coinmodules/downloads/dload.php?id=1 Found by: Born To K!LL Bug in : modules/mail/index.php code : Include module functions file include...
vhostadmin 0.1 (MODULES_DIR) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications vhostadmin 0.1 (MODULES_DIR) Remote File Inclusion Vulnerability Dr Max Virus ...
vhostadmin 0.1 - MODULES_DIR Remote File Inclusion
vhostadmin 0.1 - MODULES_DIR Remote File Inclusion Dr Max Virus Script: vHostAdmin Affected Version: 1.0 Risk: Highly Critical...
vhostadmin 0.1 - 'MODULES_DIR' Remote File Inclusion
Dr Max Virus Script: vHostAdmin Affected Version: 1.0 Risk: Highly Critical...
CVE-2006-6534
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selectedbox parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languagesdefinitions.php, o...
GLSA-200612-04 : ModPlug: Multiple buffer overflows
The remote host is affected by the vulnerability described in GLSA-200612-04 ModPlug: Multiple buffer overflows Luigi Auriemma has reported various boundary errors in loadit.cpp and a boundary error in the 'CSoundFile::ReadSample' function in sndfile.cpp. Impact : A remote attacker can entice a...
NVIDIA binary graphics driver: Privilege escalation vulnerability
Background The NVIDIA binary graphics driver from NVIDIA Corporation provides the kernel module and the GL modules for graphic acceleration on the NVIDIA based graphic cards. Description Rapid7 reported a boundary error in the NVIDIA binary graphics driver that leads to a buffer overflow in the...
Apache mod_tcl module contains a format string error
Overview A format string vulnerability exists in the mod_tcl Apache module. This vulnerability may allow a remote attacker to execute arbitrary code. Description The Apache HTTP Server, also known as httpd, is an open-source HTTP server that runs on Microsoft Windows, Linux, Unix, and Apple OS X...
PhpShop Core 0.9.0 RC1 - 'PS_BASE' File Inclusion
|| Viva Palestine || PhpShop-Core append.php Remote File Include Vulnerability Found By : CoLd Zero Wasem898 Source : includeonce $4AZHARTeAM."Securty."; PalesTine Arab Muslim Hacker's PhpShop-Core v0.9.0 RC1 Class:...