
5287 matches found

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Bookmark4U 2.0 inc/common.php env[include_prefix] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/18281/info Bookmark4U is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to includ...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 23 views

phusion webserver 1.0 - Directory Traversal vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/4117/info Phusion Webserver is a commercial HTTP server that runs on Microsoft Windows 9x/NT/2000 operating systems. Phusion Webserver is prone to directory traversal attacks. It is possible to break out of wwwroot using...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Korean GHBoard component/upload.jsp Unspecified Arbitrary File Upload

No description provided by source. source: http://www.securityfocus.com/bid/26182/info GHBoard is prone to multiple vulnerabilities that let attackers upload and download arbitrary files and execute arbitrary code within the context of the webserver process...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Absolute News Manager .NET 5.1 xlaabsolutenm.aspx Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. Attackers can exploit these issues to steal...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 61 views

GL-SH Deaf Forum 6.5.5 Cross-Site Scripting Vulnerability and Arbitrary File Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/29849/info GL-SH Deaf Forum is prone to a cross-site scripting vulnerability and an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage the cross-site...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Grayscale BandSite CMS 1.1 header.php the_band Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive informatio...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

GoAhead WebServer 2.1.x Error Page Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5198/info A vulnerability has been reported for GoAhead WebServer 2.1. Reportedly, it is possible for attackers to launch cross site scripting attacks against vulnerable systems. GoAhead WebServer includes unsanitized...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

YACS 6.6.1 - Multiple Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/19799/info YACS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

ntop 3.3.10 HTTP Basic Authentication NULL Pointer Dereference Denial Of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36074/info The 'ntop' tool is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when crafted HTTP Basic Authentication credentials are received by the embedded webserver. An...

5 CVSS | 6.5 AI score | 0.07273 EPSS
Exploits: 5

seebug.org
added 2014/07/01 12:0 a.m. | 18 views

Ikonboard 2.1.7 b Remote File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2471/info Ikonboard is a perl-based discussion forum script from ikonboard.com. Versions of Ikonboard are vulnerable to remote disclosure of arbitrary files. By adding a null byte to the name of a requested file, the...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Absolute News Manager .NET 5.1 pages/default.aspx template Variable Remote File Access

No description provided by source. source: http://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. Attackers can exploit these issues to steal...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

TW-WebServer 1.0 - Denial of Service Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/7368/info It has been reported that TW-WebServer is prone to a denial of service vulnerability. Reportedly when an excessive quantity of data is sent to the TW-Webserver as part of a malicious HTTP GET request the server...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Alcatel-Lucent OmniPCX Enterprise <= 7.1 Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25694/info Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute arbitrary commands...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 10 views

PHPSlash 0.5.3 2/0.6.1 URL Block Arbitrary File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2724/info PHPSlash is a widely used open source Groupware utility. PHPSlash contains a vulnerability which may disclose files readable to the webserver process on the underlying host to PHPSlash users who can 'edit' URL...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 28 views

Dokeos <= 1.8.4 main/admin/course_category.php category Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue. Attackers can...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Claroline 1.x admin/adminusers.php dir Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. An attacker could exploit these issues to execute local script code in the context of the application...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

Mozilla Bugzilla 2.4/2.6/2.8/2.10 Remote Arbitrary Command Execution

No description provided by source. source: http://www.securityfocus.com/bid/1199/info Bugzilla is a web-based bug-tracking system based on Perl and MySQL. It allows people to submit bugs and catalogs them. Bugzilla is prone to a vulnerability which may allow remote users to execute arbitrary...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

Simple one-file gallery gallery.php f Parameter Traversal Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/22700/info Simple one-file gallery is prone to multiple input-validation vulnerabilities, including a local file-include issue and a cross-site scripting issue. An attacker can exploit these issues to steal cookie-based...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 10 views

PHPFaber TopSites 3 Admin/Index.PHP Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23419/info TopSites is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 53 views

Multiple Wordpress Plugin timthumb.php Vulnerabilities

No description provided by source. Exploit Title: Multiple Wordpress timthumb.php reuse vulnerabilities Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing --- Description --- The following Wordpress plugins reuse a vulnerable version of the timthumb.php librar...

7.1 AI score
Exploits: 0