5291 matches found
PHPStats 0.1.9 PHP-Stats-Options.PHP Remote Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23008/info PhpStats is prone to a remote code-execution vulnerability because the application fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary PHP code on an affected compute...
free QBoard 1.1 history.php qb_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows the attacker to execute arbitrary...
QTO File Manager 1.0 - 'qtofm.php' Arbitrary File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29072/info QTO File Manager is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code because the application fails to sanitize user-supplied input. An attacker can leverage this issu...
New-CMS 1.08 Multiple Local File Include and HTML-Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/38307/info New-CMS is prone to multiple local file-include vulnerabilities and an HTML-Injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include...
MCPWS Personal WebServer <= 1.3.21 Denial of Service Exploit
No description provided by source. !/usr/bin/perl MCPWS Personal - Webserver = 1.3.21 DoS Exploit Vendor: http://www.mcpsoftware.de The coder used a unsecure VB-function Open to open requested files and didn't include a working error handling On Error Goto etc. It's possible to exploit this...
Kolibri+ Webserver 2 - (Get Request) Denial of Service Vulnerability
No description provided by source. Name : Kolibri+ Webserver 2 , Denial Of service / Crash Author : Usman Saeed Company : Xc0re Security Reasearch Group Date : 06/09/09 Homepage : http://www.xc0re.net Download Page : http://download.cnet.com/Kolibri-WebServer/3000-102484-10896378.html?tag=mncol...
iFoto 1.0 Index.PHP Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25065/info iFoto is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. A remote attacker can exploit this issue to view the directory structure of the affected computer...
Tektronix Phaser Network Printer 740/750/750DP/840/930 PhaserLink Webserver Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/806/info Certain versions of the Tektronix PhaserLink printer ship with a webserver designed to help facilitate configuration of the device. This service is essentially administrator level access as it can completely modi...
Glossaire 1.7 - Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18792/info Glossaire is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary...
Indexu 5.0 - Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/17470/info The 'indexu' application is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these...
Freeway 1.4.1.171 includes/modules/newsdesk/newsdesk_article_require.php language Parameter Traversal Local File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/30731/info Freeway is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities using directory-traversal strings to view...
Speedywiki 2.0/2.1 - Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/20976/info Speedywiki is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include an arbitrary file-upload vulnerability and a...
Dokeos <= 1.8.4 main/create_course/add_course.php tutor_name Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue. Attackers can...
UltraBoard 1.6 DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1175/info UltraBoard 1.6 and possibly all 1.x versions and the new beta Ultraboard 2000 are vulnerable to this Denial of Service attack. A remote user is able to expend all of the available resources of the webserver by...
Web Server Creator Web Portal 0.1 - Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6251/info The Web Server Creator Web Portal is prone to an issue which may allow attackers to include arbitrary files from a remote server. It is possible for remote attackers to influence the include path for the...
DieselScripts Smart Traffic Index.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19630/info Smart Traffic is prone a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious...
HappyMall E-Commerce Software 4.3/4.4 Member_HTML.CGI Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7530/info It has been reported that a problem in the HappyMall E-Commerce software package could allow an attacker to pass arbitrary commands through the memberhtml.cgi script. This could lead to attacks against system...
BigACE 1.8.2 item_main.php GLOBALS Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote PHP code and execute i...
BigACE 1.8.2 download.cmd.php GLOBALS Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote PHP code and execute i...
BigACE 1.8.2 admin.cmd.php GLOBALS Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote PHP code and execute i...