26 matches found
EUVD-2004-1567
Malware in sbrugna...
EUVD-2006-6529
Malware in sbrugna...
CuteNews aj-fork 'path' Parameter Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/32141/info CuteNews aj-fork is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...
cutenews aj-fork <= 167f (cutepath) Remote File Include Vulnerability
No description provided by source. DeltasecurityTEAM www.Deltasecurity.ir Portal...
CuteNews aj-fork - path Remote File Inclusion
CuteNews aj-fork - path Remote File Inclusion source: https://www.securityfocus.com/bid/32141/info CuteNews aj-fork is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file...
CuteNews aj-fork - 'path' Remote File Inclusion
source: https://www.securityfocus.com/bid/32141/info CuteNews aj-fork is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in t...
CVE-2006-6546
PHP remote file inclusion vulnerability in inc/shows.inc.php in cutenews aj-fork CN:AJ 167f and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter...
CVE-2006-6546
CVE-2006-6546 pertains to PHP remote file inclusion in inc/shows.inc.php of cutenews aj-fork (CN:AJ) version 167f and earlier. The underlying issue is an RFI vulnerability where an attacker can supply a URL via the cutepath parameter to cause arbitrary PHP code execution on the affected server. T...
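CuteNews Aj-fork Shows.Inc.PHP Remote File Inclusion Vulnerability
CuteNews Aj-fork is a PHP-based web application. CuteNews Aj-fork does not sufficiently filter user-supplied URI input, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'Shows.Inc.PHP' script does not filter user-supplied web parameters; specifying an arbitrary file on a remote server as the include target can lead to arbitrary command execution with the privileges of the process. Cutenews Aj-fork Cutenews Aj-fork beta http://sourceforge.net/projects/ajfork...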
cutenews aj-fork <= 167f (cutepath) Remote File Include Vulnerability
DeltasecurityTEAM www.Deltasecurity.ir Portal Name : cutenews aj-fork Class =...
cutenews aj-fork <= 167f (cutepath) Remote File Include Vulnerability
No description provided by source. DeltasecurityTEAM www.Deltasecurity.ir Portal...
CuteNews aj-fork 167f - cutepath Remote File Inclusion
CuteNews aj-fork 167f - cutepath Remote File Inclusion DeltasecurityTEAM www.Deltasecurity.ir...
cutenews aj-fork <= 167f (cutepath) Remote File Include Vulnerability
Exploit for unknown platform in category web applications. cutenews aj-fork = 167f cutepath Remote File Include Vulnerability...
CuteNews aj-fork 167f - 'cutepath' Remote File Inclusion
DeltasecurityTEAM www.Deltasecurity.ir Portal Name : cutenews aj-fork Class =...
CVE-2004-1572
AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request...
CVE-2004-1573
The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator...
CVE-2004-1571
AJ-Fork 167 allows remote attackers to gain sensitive information via a direct request to (1) auto-acronyms.php, (2) auto-archive.php, (3) ount-article-views.php, (4) kses.php, (5) custom-quick-tags.php, (6) disable-all-comments.php, (7) easy-date-format.php, (8) enable-disable-comments.php, (9)...
CVE-2004-1572
AJ-Fork 167 is vulnerable to an information-disclosure flaw where access to directories (data, inc, plugins, skins, tools) is not restricted, enabling remote attackers to list files via direct HTTP requests. The CVE-2004-1572 entry documents this risk, with impact limited to exposure of directory...
CVE-2004-1571
AJ-Fork 167 is affected by an information-disclosure vulnerability where direct requests to 13 PHP scripts (auto-acronyms.php, auto-archive.php, ount-article-views.php, kses.php, custom-quick-tags.php, disable-all-comments.php, easy-date-format.php, enable-disable-comments.php, filter-by-author.p...
CVE-2004-1573
The CVE-2004-1573 entry concerns AJ-Fork 167 where insecure file permissions on users.db.php (set to 777) allow local users to execute arbitrary PHP code and gain administrator privileges. The vulnerability’s impact is (local) arbitrary code execution with full privileges as described; exploitati...