RRDBrowse 1.6 - Arbitrary File Disclosure
I - TITLE Security advisory: Arbitrary file disclosure vulnerability in rrdbrowse II - SUMMARY Description: Arbitrary file disclosure vulnerability in rrdbrowse = 1.6 Author: Sebastian Wolfgarten sebastian at wolfgarten dot com, http://www.devtarget.org Date: March 4th, 2007 Severity: Medium...
MOPB-01-2007:PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability
Summary The Month of PHP Bugs starts with a PHP 4 security vulnerability that exploits a problem known for many years among the PHP developers. When a PHP application is run in PHP 4 it can overflow the variable reference counter because it is only 16 bits wide. Whenever this happens it will resul...
MOPB-02-2007:PHP Executor Deep Recursion Stack Overflow
Summary The first day of MoPB is dedicated to vulnerabilities that are already known but are not yet or will never be fixed. The next bug of this category is the problem that PHP does not protect against deep recursions. Whenever a PHP application goes into a very deep recursion it will crash whe...
PHP 4/5 - Executor Deep Recursion Remote Denial of Service
source: https://www.securityfocus.com/bid/22766/info PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. An attacker with permissions to execute PHP code on an affected computer may...
aWebNews 1.1 - listing.php?path_to_news Remote File Inclusion
source: https://www.securityfocus.com/bid/22781/info aWebNews is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it...
PHP 3/4/5 - ZendEngine Variable Destruction Remote Denial of Service
source: https://www.securityfocus.com/bid/22764/info PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. An attacker who can run PHP code on a vulnerable computer may exploi...
aWebNews 1.1 - 'listing.php?path_to_news' Remote File Inclusion
source: https://www.securityfocus.com/bid/22781/info aWebNews is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the...
PHP 3/4/5 - ZendEngine Variable Destruction Remote Denial of Service
source: https://www.securityfocus.com/bid/22764/info PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. An attacker who can run PHP code on a vulnerable computer may exploit this vulnerability to crash PHP and the webserver, denying servic...
Simple one-file Gallery - gallery.php?f Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/22700/info Simple one-file gallery is prone to multiple input-validation vulnerabilities, including a local file-include issue and a cross-site scripting issue. An attacker can exploi...
Simple one-file Gallery - gallery.php?f Cross-Site Scripting
source: https://www.securityfocus.com/bid/22700/info Simple one-file gallery is prone to multiple input-validation vulnerabilities, including a local file-include issue and a cross-site scripting issue. An attacker can exploit these...
Simple one-file Gallery - 'gallery.php?f' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/22700/info Simple one-file gallery is prone to multiple input-validation vulnerabilities, including a local file-include issue and a cross-site scripting issue. An attacker can exploit these issues to steal cookie-based authentication credentials and to...
Simple one-file Gallery - 'gallery.php?f' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22700/info Simple one-file gallery is prone to multiple input-validation vulnerabilities, including a local file-include issue and a cross-site scripting issue. An attacker can exploit these issues to steal cookie-based authentication credentials and to...
LoveCMS 1.4 - load Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issu...
Pyrophobia 2.1.3.1 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/22667/info Pyrophobia is prone to multiple input-validation vulnerabilities, including multiple local file-include issues and multiple cross-site scripting issues. An attacker can exploit these issues to steal...
LoveCMS 1.4 - id Cross-Site Scripting
source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue. An attacke...
LoveCMS 1.4 - step Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issu...
Pyrophobia 2.1.3.1 - Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/22667/info Pyrophobia is prone to multiple input-validation vulnerabilities, including multiple local file-include issues and multiple cross-site scripting issues. An attacker can exploit these issues t...
LoveCMS 1.4 - 'id' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue. An attacker can exploit these issues to steal...
LoveCMS 1.4 - 'step' Remote File Inclusion
source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue. An attacker can exploit these issues to steal...
LoveCMS 1.4 - 'load' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue. An attacker can exploit these issues to steal...