5286 matches found
osCommerce 3.0a5 - Local File Inclusion / HTML Injection
osCommerce 3.0a5 - Local File Inclusion / HTML Injection source: https://www.securityfocus.com/bid/39820/info osCommerce is prone to a local file-include vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local...
osCommerce 3.0a5 - Local File Inclusion / HTML Injection
source: https://www.securityfocus.com/bid/39820/info osCommerce is prone to a local file-include vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal...
phpegasus 'config.php' Arbitrary File Upload Vulnerability
phpegasus is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate...
Madirish Webmail 2.01 (basedir) RFI/LFI Vulnerability
Madirish Webmail is prone to multiple vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow th...
SmodCMS 'config.php' Arbitrary File Upload Vulnerability
SmodCMS is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate...
Apache ActiveMQ 5.2/5.3 - Source Code Information Disclosure
source: https://www.securityfocus.com/bid/39636/info Apache ActiveMQ is prone to a vulnerability that lets attackers access source code because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable computer in...
MultiThreaded HTTP Server v1.1 Source Disclosure
No description provided by source. Exploit Title: MultiThreaded HTTP Server v1.1 Source Disclosure Found By: DrIDE Date: Apr. 20, 2010 Download: http://voxel.dl.sourceforge.net/project/http/version1.1/%5BUnnamed%20release%5D/HTTPProjectfat.jar Tested on: Windows 7 - Description - MultiThreaded HT...
Multi-Threaded HTTP Server 1.1 - Source Disclosure
Exploit Title: MultiThreaded HTTP Server v1.1 Source Disclosure Found By: DrIDE Date: Apr. 20, 2010 Download: http://voxel.dl.sourceforge.net/project/http/version1.1/%5BUnnamed%20release%5D/HTTPProjectfat.jar Tested on: Windows 7 - Description - MultiThreaded HTTP Server v1.1 is a Java based HTTP...
phpMyAdmin 'unserialize()' RCE Vulnerability
phpMyAdmin is prone to a vulnerability that lets attackers execute arbitrary code in the context of the webserver process. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
openstock/opentel 'dsn[phptype]' Parameter Local File Include Vulnerability
openstock/opentel is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may...
Sun Microsystems Directory Server Enterprise DSML UTF-8 Denial of Service Vulnerability
This vulnerability allows attackers to deny services on vulnerable installations of Sun Microsystems Directory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server's DSML-over-HTTP implementation and can be triggered via an HTT...
Sun Microsystems Directory Server DSML-over-HTTP Username Search Denial of Service Vulnerability
This vulnerability allows attackers to deny services on vulnerable installations of Sun Microsystems Directory Service Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within Sun Directory Server's DSML-over-HTTP implementation and can be triggered v...
AneCMS 1.0 - Multiple Local File Inclusions
AneCMS 1.0 - Multiple Local File Inclusions source: https://www.securityfocus.com/bid/39416/info AneCMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive...
AneCMS 1.0 - Multiple Local File Inclusions
source: https://www.securityfocus.com/bid/39416/info AneCMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local...
Blog System 1.x - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/39406/info Blog System is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include local file-include, SQL-injection, and cross-site-scripting issues. Exploiting these...
TCPDF 4.5.036/4.9.5 - 'params' Attribute Remote Code Execution
TCPDF 4.5.036/4.9.5 - 'params' Attribute Remote Code Execution source: https://www.securityfocus.com/bid/39315/info TCPDF is prone to a security weakness that may allow attackers to execute arbitrary code. An attacker can exploit this issue in conjunction with other latent vulnerabilities to execute...
TCPDF 4.5.036/4.9.5 - 'params' Attribute Remote Code Execution
source: https://www.securityfocus.com/bid/39315/info TCPDF is prone to a security weakness that may allow attackers to execute arbitrary code. An attacker can exploit this issue in conjunction with other latent vulnerabilities to execute arbitrary code with the privileges of the webserver. Versio...
PotatoNews 1.0.2 - 'nid' Multiple Local File Inclusions
PotatoNews 1.0.2 - 'nid' Multiple Local File Inclusions source: https://www.securityfocus.com/bid/39276/info PotatoNews is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain...
PotatoNews 1.0.2 - 'nid' Multiple Local File Inclusions
source: https://www.securityfocus.com/bid/39276/info PotatoNews is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute arbitrary local...
justVisual <= 2.0 LFI Vulnerability
justVisual is prone to a local file include (LFI) vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...