LinPHA 0.9.x1.0 - forth_stage_install.php Local File Inclusion
LinPHA 0.9.x1.0 - forth_stage_install.php Local File Inclusion source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'include_once' PHP function in...
Farsinews 2.1/2.5 - show_archives.php?template Traversal Arbitrary File Access
Farsinews 2.1/2.5 - show_archives.php?template Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/16580/info FarsiNews is prone to directory-traversal and local file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-suppli...
Farsinews 2.1/2.5 - 'show_archives.php?template' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/16580/info FarsiNews is prone to directory-traversal and local file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit the directory-traversal vulnerability to...
SPIP 1.8.2 - Spip_RSS.php Remote Command Execution
SPIP 1.8.2 - Spip_RSS.php Remote Command Execution source: https://www.securityfocus.com/bid/16556/info SPIP is prone to a remote command-execution vulnerability. This is due to a lack of proper sanitization of user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP...
phpicalendar -- file disclosure vulnerability
The phpicalendar team reports that there is an unspecified vulnerability within phpicalendar. This seems to be a file disclosure vulnerability caused by improper checking of the template parsing function. This would allow an attacker to disclose any file readable by the user under which the...
eyeOS 0.8.x - Session Remote Command Execution
eyeOS 0.8.x - Session Remote Command Execution source: https://www.securityfocus.com/bid/16537/info The eyeOS system is prone to a remote command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied data. An attacker can exploit this issue ...
eyeOS 0.8.x - Session Remote Command Execution
source: https://www.securityfocus.com/bid/16537/info The eyeOS system is prone to a remote command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary commands in the context of...
Farsinews 2.1 - Loginout.php Remote File Inclusion
Farsinews 2.1 - Loginout.php Remote File Inclusion source: https://www.securityfocus.com/bid/16440/info FarsiNews is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...
Farsinews 2.1 - 'Loginout.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/16440/info FarsiNews is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...
PmWiki 2.1 - Multiple Input Validation Vulnerabilities
PmWiki 2.1 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/16421/info PmWiki is prone to multiple input-validation vulnerabilities. These issues are due to failures in the application to properly sanitize user-supplied input. - Arbitrary remote file-include...
PmWiki 2.1 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/16421/info PmWiki is prone to multiple input-validation vulnerabilities. These issues are due to failures in the application to properly sanitize user-supplied input. - Arbitrary remote file-include vulnerability. Exploitation of this issue will result in...
Elido Face Control - Multiple Directory Traversal Vulnerabilities
source: https://www.securityfocus.com/bid/16401/info Face Control is prone to multiple directory-traversal vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to retrieve arbitrary files from...
RCBlog 1.0.3 - index.php Directory Traversal
RCBlog 1.0.3 - index.php Directory Traversal source: https://www.securityfocus.com/bid/16342/info RCBlog is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to...
RCBlog 1.0.3 - 'index.php' Directory Traversal
source: https://www.securityfocus.com/bid/16342/info RCBlog is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable syste...
ironwallTraverse.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 IronWall webserver 7.41 directory traversal - Software App: IronWall Webserver Version: 7.41 stable, others not tested Platform: win32 Background Ironwall webserver is a small web server for win32 systems. It can be downloaded totally free at...
IronWall webserver directory traversal
Directory traversal with a backward directory path via /.../...
[Full-disclosure] IronWall webserver remote file access.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 IronWall webserver 7.41 directory traversal - Software App: IronWall Webserver Version: 7.41 stable, others not tested Platform: win32 Background Ironwall webserver is a small web server for win32 systems. It can be downloaded totally free at...
OABoard 1.0 Forum - Remote File Inclusion
OABoard 1.0 Forum - Remote File Inclusion source: https://www.securityfocus.com/bid/16105/info The oaBoard application is prone to a remote file-include vulnerability. As a result, remote users may specify external PHP scripts to be included by the application. This could result in the execution ...
OABoard 1.0 Forum - Remote File Inclusion
source: https://www.securityfocus.com/bid/16105/info The oaBoard application is prone to a remote file-include vulnerability. As a result, remote users may specify external PHP scripts to be included by the application. This could result in the execution of arbitrary PHP code in the context of th...
IceWarp Universal WebMail - mailinclude.html Crafted HTTP_USER_AGENT Arbitrary File Access
IceWarp Universal WebMail - mailinclude.html Crafted HTTP_USER_AGENT Arbitrary File Access source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp...