5286 matches found
phpThumb Command-Injection Vulnerability
It has recently come to our attention that all versions of phpThumb contain an unpatched vulnerability. The application is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input to the 'fltr' parameter in the 'phpThumb.php' script. Attackers can explo...
DNET Live-Stats 'team.rc5-72.php' Local File Include Vulnerability
DNET Live-Stats is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in...
Tiki Wiki CMS Groupware 5.2 Multiple Vulnerabilities
No description provided by source. Source: http://www.securityfocus.com/bid/43507/info Tiki Wiki CMS Groupware is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local...
Tiki Wiki CMS Groupware 5.2 Multiple Vulnerabilities
Exploit for php platform in category web applications. Tiki Wiki CMS Groupware 5.2 Multiple Vulnerabilities: Tiki Wiki CMS Groupware is prone to a local file-include vulnerability and a...
Tiki Wiki CMS Groupware 5.2 - Multiple Vulnerabilities
Tiki Wiki CMS Groupware 5.2 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/43507/info Tiki Wiki CMS Groupware is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can...
Tiki Wiki CMS Groupware 5.2 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/43507/info Tiki Wiki CMS Groupware is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using...
[SECURITY] Fedora 12 Update: mantis-1.1.8-4.fc12
Mantis is a web-based bugtracking system. It is written in the PHP scripting language and requires the MySQL database and a webserver. Mantis has been installed on Windows, MacOS, OS/2, and a variety of Unix operating systems. Any web browser should be able to function as a client. Documentation...
[SECURITY] Fedora 14 Update: mantis-1.1.8-4.fc14
Mantis is a web-based bugtracking system. It is written in the PHP scripting language and requires the MySQL database and a webserver. Mantis has been installed on Windows, MacOS, OS/2, and a variety of Unix operating systems. Any web browser should be able to function as a client. Documentation...
MODX <= 2.0.2 Multiple Vulnerabilities - Active Check
MODX is prone to a local file include (LFI) vulnerability and a cross-site scripting (XSS) vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
MODx 2.0.2-pl - /manager/index.php?modahsh Cross-Site Scripting
MODx 2.0.2-pl - /manager/index.php?modahsh Cross-Site Scripting source: https://www.securityfocus.com/bid/43577/info MODx is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the...
MODx manager - /controllers/default/resource/tvs.php?class_key Traversal Local File Inclusion
MODx manager - /controllers/default/resource/tvs.php?class_key Traversal Local File Inclusion source: https://www.securityfocus.com/bid/43577/info MODx is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An...
MODx manager - '/controllers/default/resource/tvs.php?class_key' Traversal Local File Inclusion
source: https://www.securityfocus.com/bid/43577/info MODx is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strin...
MODx 2.0.2-pl - '/manager/index.php?modahsh' Cross-Site Scripting
source: https://www.securityfocus.com/bid/43577/info MODx is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strin...
Collaborative Passwords Manager (cPassMan) Multiple Local File Include Vulnerabilities
cPassMan is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. Th...
Multi-lingual E-Commerce System 0.2 Multiple Vulnerabilities - Active Check
Multi-lingual E-Commerce System is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
PHP MicroCMS Local File Include and SQL Injection Vulnerabilities
PHP MicroCMS is prone to a local file-include vulnerability and multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute arbitrary local fil...
CMScout IBrowser TinyMCE Plugin Local File Include Vulnerability
CMScout is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further...
NWS-Classifieds - cmd Local File Inclusion
NWS-Classifieds - cmd Local File Inclusion source: https://www.securityfocus.com/bid/43259/info NWS-Classifieds is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...
CMScout IBrowser TinyMCE Plugin 2.3.4.3 - Local File Inclusion
CMScout IBrowser TinyMCE Plugin 2.3.4.3 - Local File Inclusion source: https://www.securityfocus.com/bid/43260/info CMScout is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversa...
ChillyCMS 2.3.4.3 - Arbitrary File Upload
ChillyCMS 2.3.4.3 - Arbitrary File Upload source: https://www.securityfocus.com/bid/43263/info chillyCMS is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this...