PHP TopSites FREE 1.022b - 'config.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/20486/info PHP TopSites is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker can exploit this issue to have malicious PHP code execute in the context of the webserver process. This...
FreeWPS 2.11 - 'upload.php' Remote Command Execution
source: https://www.securityfocus.com/bid/20494/info FreeWPS is prone to a remote command-execution vulnerability. Attackers can exploit this issue to execute arbitrary system commands with the privileges of the webserver process. FreeWPS version 2.11 is vulnerable to this issue; other versions m...
Gcards 1.13 - Addnews.php Remote File Inclusion
source: https://www.securityfocus.com/bid/20461/info gcards is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker can exploit this issue to have malicious PHP code execute in...
CommunityPortals 1.0 - bug.php Remote File Inclusion
source: https://www.securityfocus.com/bid/20466/info CommunityPortals is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker can exploit this issue to have malicious PHP...
Dokeos 1.6.4 - Multiple Remote File Inclusions Vulnerabilities
source: https://www.securityfocus.com/bid/20468/info Dokeos is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can explo...
Gcards 1.13 - 'Addnews.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/20461/info gcards is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker can exploit this issue to have malicious PHP code execute in the context of the webserver process. This may...
CommunityPortals 1.0 - 'bug.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/20466/info CommunityPortals is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker can exploit this issue to have malicious PHP code execute in the context of the webserver process...
Tagit2b - DelTagUser.php Remote File Inclusion
source: https://www.securityfocus.com/bid/20451/info Tagit2b is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker can exploit this issue to have malicious PHP code execute in...
Tagit2b - 'DelTagUser.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/20451/info Tagit2b is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker can exploit this issue to have malicious PHP code execute in the context of the webserver process. This may...
ISearch 2.16 - ISEARCH_PATH Remote File Inclusion
source: https://www.securityfocus.com/bid/20401/info iSearch is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
Deep CMS 2.0 - index.php Remote File Inclusion
source: https://www.securityfocus.com/bid/20402/info Deep CMS is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
ISearch 2.16 - 'ISEARCH_PATH' Remote File Inclusion
source: https://www.securityfocus.com/bid/20401/info iSearch is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the...
Deep CMS 2.0 - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/20402/info Deep CMS is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with th...
PHP Polling Creator 1.03 - functions.inc.php Remote File Inclusion
source: https://www.securityfocus.com/bid/20398/info PHP Polling Creator is affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issu...
[CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability
Title: CAID 34661: CA Unicenter WSDM File System Read Access Vulnerability CA Vulnerability ID CAID: 34661 CA Advisory Date: 2006-10-03 Discovered By: Oliver Karow, Symantec Security Consultant oliverkarow at symantec dot com Richard Sammet, Symantec Security Consultant richardsammet at symantec...
DeluxeBB 1.09 - Sig.php Remote File Inclusion
source: https://www.securityfocus.com/bid/20292/info DeluxeBB is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files...
IMCE file handling vulnerabilities
IMCE has two vulnerabilities with regards to file handling. 1. By passing relative paths to IMCE's delete function, a malicious user with the "delete files" permission can delete files anywhere in the directory tree depending on the access permissions of the webserver. 2. IMCE allows the upload...
DeluxeBB 1.09 - 'Sig.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/20292/info DeluxeBB is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it i...
[MajorSecurity Advisory #28] ConPresso CMS - Multiple Cross Site Scripting and SQL Injection Issues
MajorSecurity Advisory #28 ConPresso CMS - Multiple XSS and SQL Injection Issues Details ======= Product: ConPresso CMS Affected Version: =4.0.4a Immune Version: 4.0.5a Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.conpresso.com/ Vendor-Status: informed Advisory-Status:...
PHPSelect Web Development - 'index.php3' Remote File Inclusion
source: https://www.securityfocus.com/bid/20231/info PHPSelect Web Development is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit of this issue allows an attacker to execute arbitrary server-side script code on an affect...