Accellion Secure File Transfer Appliance Multiple Command Restriction Weakness Local Privilege Escalation

No description provided by source. source: http://www.securityfocus.com/bid/38176/info Accellion File Transfer Appliance is prone to multiple remote vulnerabilities, including: - Multiple privilege-escalation issues - A directory-traversal issue - An HTML-injection issue - A remote...

VWar 1.5 challenge.php vwar_root Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/19387/info VWar is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...

Wabbit PHP Gallery 0.9 Dir Parameter Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21213/info Wabbit PHP Gallery is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to retrieve the contents of arbitrar...

Open Digital Assets Repository System 1.0.2 Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/29881/info Open Digital Assets Repository System ODARS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious...

Prototype of an PHP application 0.1 common.inc.php path_inc Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...

Apache 1.3.14 Mac File Protection Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2852/info A vulnerability exists when Apache webserver is used with Mac OS X Client. The standard filesystem for Mac OS X is HFS+. HFS+ is case insensitive while Apache's filtering is case sensitive. The result is that...

Campsite 2.6.1 - LocalizerConfig.php g_documentRoot Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. Exploiting this issue allows remote attackers to execute code in the context of the webserver. This issue affects Campsite 2.6.1. Earlier...

MiraksGalerie 2.62 galimage.lib.php listconfigfile[0] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/18313/info MiraksGalerie is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to...

Kolibri+ Webserver 2 - (GET Request) Remote SEH Overwrite Exploit

No description provided by source. !/usr/bin/python Could not get this to work on XP SP3. php5ts.dll is the only module with safe seh off but could not get the pop pop ret to work correctly despite the large number of usable addresses that were tested. $ ./kolibri.py 192.168.1.146 8080 Kolibri+...

AlstraSoft Affiliate Network Pro 8.0 merchants/index.php uploadProducts Action pgmid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/25026/info AlstraSoft Affiliate Network Pro is affected by multiple input-validation vulnerabilities. These issues include multiple cross-site scripting isues and SQL-injection issues. A successful exploit could allow an...

Achievo 0.7/0.8/0.9 - Remote File Include Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5552/info Achievo includes a PHP script which is used to generate JavaScript class.atkdateattribute.js.php. This script employs a number of PHP includeonce statements to call code contained in function libraries and grab...

HotPlug CMS 1.0 Login1.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18454/info HotPlug CMS is prone to a cross-site scripting attack. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary HTML an...

MinaliC Webserver 2.0 - Remote Source Disclosure

No description provided by source. Exploit Title : MinaliC Webserver v2.0 Remote Source Disclosure Software link : http://sourceforge.net/projects/minalic/ Version : 2.0 Tested on : Windows 7 Home Premium Date : 27/07/2011 Author : X-h4ck Website : http://www.pirate.al ,...

Accellion File Transfer Appliance web_client_user_guide.html lang Parameter Traversal Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/38176/info Accellion File Transfer Appliance is prone to multiple remote vulnerabilities, including: - Multiple privilege-escalation issues - A directory-traversal issue - An HTML-injection issue - A remote...

Blue Utopia 'index.php' Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/33851/info Blue Utopia is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view and execute arbitrary local files in the...

Small Axe Weblog 0.3.1 'ffile' Parameter Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27383/info Small Axe Weblog is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...

PHP Security Framework Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/26898/info PHP Security Framework is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and remote file-include issues. A successful exploit may allow an attacker to execute...

Magic News Plus 1.0.2 news.php link_parameters Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote file-include issue and two cross-site...

GoAhead WebServer 2.1.x Error Page Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5198/info A vulnerability has been reported for GoAhead WebServer 2.1. Reportedly, it is possible for attackers to launch cross site scripting attacks against vulnerable systems. GoAhead WebServer includes unsanitized...

Grayscale BandSite CMS 1.1 merch_content.php the_band Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive informatio...