5291 matches found
Freeway 1.4.1.171 includes/modules/faqdesk/faqdesk_article_require.php language Parameter Traversal Local File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/30731/info Freeway is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities using directory-traversal strings to view...
Mambo LMTG Myhomepage 1.2 Component Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/19584/info The lmtgmyhomepage component for Mambo is prone multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitra...
PHP 4/5 Input/Output Wrapper Remote Include Function Command Execution Weakness
No description provided by source. source: http://www.securityfocus.com/bid/10427/info PHP is reportedly affected by an arbitrary command-execution weakness through the PHP 'include' function. This issue is due to a design error that allows the execution of attacker-supplied POST PHP commands whe...
PlutoStatus Locator 1.0pre alpha 'index.php' Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27802/info PlutoStatus Locator is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to...
LogIT 1.3/1.4 - Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16932/info LogIT is prone to a remote file-include vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input. Attackers may specify remotely hosted script files to be executed ...
CzarNews 1.13/1.14 headlines.php Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/12857/info CzarNews is prone to a remote file-include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process...
Freeway 1.4.1.171 templates/Freeway/mainpage_modules/mainpage.php language Parameter Traversal Local File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/30731/info Freeway is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities using directory-traversal strings to view...
Dokeos <= 1.8.4 main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue. Attackers can...
php_news 2.0 user_user.php language Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/20209/info PHPNews is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary server-si...
simple webserver 2.3-rc1 - Directory Traversal
No description provided by source. Exploit Title: Simple Webserver 2.3-rc1 Directory Traversal Date: 01/02/2013 Exploit Author: CwG GeNiuS Vendor Homepage: http://www.pmx.it Software Link: http://www.pmx.it/download/sws-2.3-rc1-i686.exe Version: 2.3-rc1 and earlier Tested on: Windows 7 Enterprise...
Mambo EstateAgent 1.0.2 Component mosConfig_absolute_path Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19625/info The Mambo EstateAgent component is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file...
ToendaCMS 0.x/1.0.x TCMS_Administer Parameter Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19626/info ToendaCMS is prone a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PH...
aBitWhizzy whizzylink.php d Variable Traversal Arbitrary Directory Listing
No description provided by source. source: http://www.securityfocus.com/bid/23167/info aBitWhizzy is prone to multiple cross-site scripting and directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker could exploit these...
php_news 2.0 creat_news_all.php language Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/20209/info PHPNews is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary server-si...
Phorum 3.x Arbitrary File Read Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1997/info Phorum is a PHP based web forums package. Due to an error in the handling of user input in administrative scripts, any user can view the any file readable by the webserver on the target host. This is due to...
Super Site Searcher Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5605/info Super Site Searcher is prone to remote command execution. Shell metacharacters are not adequately filtered from query string parameters in a request to the vulnerable search engine script. The parameters are the...
free QBoard 1.1 delete.php qb_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows the attacker to execute arbitrary...
ultrascripts ultraboard 1.6 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1164/info UltraBoard 1.6 and possibly all 1.x versions is vulnerable to a directory traversal attack that will allow any remote browser to download any file that the webserver has read access to. On Windows instalations,...
rdiffweb 0.3.5 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24092/info rdiffWeb is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable...
MF Piadas 1.0 Admin.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18679/info MF Piadas is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...