721 matches found
DokuWiki doku.php X-FORWARDED-FOR HTTP Header Arbitrary Code Injection
The remote host is running DokuWiki, an open source wiki application written in PHP. The installed version of DokuWiki includes a script, 'bin/dwpage.php', that is intended as a command line tool for modifying pages. By accessing it through the web, an unauthenticated, remote attacker can abuse i...
cpanel10xss.txt
CPANEL 10. Preth00nker at gmail dot com. By PRETH00NKER, http://mexhackteam.org. Special dedication for my friends of: Introduction: Preth00nker was discovering some new vulnerabilities in cPanel 10. Cite: cPanel allows domain owners to manage and monitor their web site. This easy to use...
CVE-2006-3061
Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) itemid parameter in report.php, (3) searchterm parameter (aka the "search box") in searchreviews.php, (4) the profile field in...
WordPress < 2.0.3 Arbitrary Code Injection
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to index.php, (2) search field (possibly the s parameter), or (3) comment field...
JupiterCMS.txt
Jupiter CMS, to redirect the user to a page of your choice, to avoid suspicion and disclosure of your cookiestealer's location. This injection would allow an attacker to redirect users to a page of his choice, effectively defacing the page:...
NOCC 1.0 - html_bottom_table.php Multiple Cross-Site Scripting Vulnerabilities
NOCC 1.0 - html_bottom_table.php Multiple Cross-Site Scripting Vulnerabilities. Source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...
123 Flash Chat 5.0 - Remote Code Injection
source: https://www.securityfocus.com/bid/16360/info 123 Flash Chat is prone to an arbitrary code injection weakness. An attacker can influence the value of a variable that is insecurely passed to an 'eval' call. Successful exploitation may allow attackers to take complete control of the...
MSIEDoS.txt
Advisory Name: Microsoft® Internet Explorer 5 & 6 Remote Denial of Service (DoS) using IMG & XML elements. Release Date: 14. January 2006. Vulnerable Product: Microsoft® Internet Explorer 5, Microsoft® Internet Explorer 6. Tested and Confirmed Vulnerable: Microsoft® Windows® XP Professional with Service Pac...
[SECURITY] [DSA 811-2] New common-lisp-controller packages fix arbitrary code injection
Debian Security Advisory DSA 811-2 [email protected] http://www.debian.org/security/ Martin Schulze November 21st, 2005 http://www.debian.org/security/faq
YaPiG Remote Server-Side Script Execution Vulnerability
The remote web server contains a PHP application that is prone to arbitrary PHP code injection vulnerabilities. Description : The remote host is running YaPiG, a web-based image gallery written in PHP. The remote version of YaPiG may allow a remote attacker to execute malicious scripts on a...
CuteNews flood.db.php Client-IP HTTP Header Arbitrary Code Injection
The version of CuteNews installed on the remote host fails to properly sanitize the IP addresses of clients using the system before logging them to a known file. An attacker can exploit this flaw to inject arbitrary PHP code through a Client-IP request header and then execute that code by...
CVE-2005-2043
CVE-2005-2043 affects XAMPP prior to 1.4.14, where a directory traversal via lang.php allows remote attackers to inject arbitrary HTML and PHP code. This is a server-side input handling flaw in the XAMPP package, enabling code injection through the vulnerable script. The available documents do no...
Fusion SBX <= 1.2 Remote Command Execution Exploit
Exploit for unknown platform in category web applications. Fusion SBX <= 1.2 Remote Command Execution Exploit. Fusion SBX <= 1.2 exploit sileFSBXxpl. This exploit uses a vulnerability found in Fusion...
Fusion News comments.php X-Forwarded-For HTTP Header Arbitrary Code Injection
The version of Fusion News installed on the remote host suffers from a flaw that allows a remote attacker to execute arbitrary PHP code subject to the privileges of the web server userid.
paNews admin_setup.php Multiple Parameter Arbitrary PHP Code Injection
The remote host is running a version of paNews that fails to properly sanitize input passed to the script 'includes/admin_setup.php' and, in addition, allows writes by the web user to the directory 'includes' (not the default configuration). Taken together, these flaws allow a remote attacker to run...
mpg123 -- playlist processing buffer overflow vulnerability
A buffer overflow vulnerability exists in the playlist processing of mpg123. A specially crafted playlist entry can cause a stack overflow that can be used to inject arbitrary code into the mpg123 process. Note that a malicious playlist, demonstrating this vulnerability, was released by the bug...
SIR GNUBoard Remote File Inclusion
It is possible to make the remote web server read arbitrary files by using the GNUBoard CGI suite which is installed. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server.
Debian DSA-125-1 : analog - XSS
Yuji Takahashi discovered a bug in analog which allows a cross-site scripting type attack. It is easy for an attacker to insert arbitrary strings into any web server logfile. If these strings are then analysed by analog, they can appear in the report. By this means an attacker can introduce...
EasyDynamicPages Multiple Script edp_relative_path Parameter Remote File Inclusion
The remote host is running EasyDynamicPages, a set of PHP scripts designed to help web publication. It is possible with this suite to make the remote host include PHP files hosted on a third-party server. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell...