3 matches found
Crlf injection
CRLF injection vulnerability in Yet another Bulletin Board YaBB 2.1 allows remote attackers to obtain administrative access via requests to 1 register.pl or 2 profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code...
DEBIAN-CVE-2006-2702
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PCREMOTEADDR HTTP header, which vars.php uses to redefine $SERVER'REMOTEADDR'...
DEBIAN-CVE-2005-4463
WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to 1 wp-includes/vars.php, 2 wp-content/plugins/hello.php, 3 wp-admin/upgrade-functions.php, 4 wp-admin/edit-form.php, 5 wp-settings.php, and 6 wp-admin/edit-form-comment.php, which leaks the path ...