1046 matches found
Joomla Component 'com_img' Local File Include Vulnerability
The 'com_img' component for Joomla! is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver...
TFTgallery 'thumbnailformpost.inc.php' Local File Include Vulnerability
TFTgallery is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow t...
Online Grades Multiple Local File Include Vulnerabilities
Online Grades is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker with admin access can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the...
Joomla! Component Jstore - Controller Local File Inclusion
source: https://www.securityfocus.com/bid/44053/info The 'comjstore' component for Joomla! is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerabilit...
LightOpenCMS 'smarty.php' LFI Vulnerability
LightOpenCMS is prone to a local file include (LFI) vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may...
Uebimiau Webmail 'stage' Parameter Local File Include Vulnerability
Uebimiau Webmail is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...
NWS-Classifieds - cmd Local File Inclusion
source: https://www.securityfocus.com/bid/43259/info NWS-Classifieds is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...
HeffnerCMS 1.22 - 'index.php' Local File Inclusion
source: https://www.securityfocus.com/bid/43006/info HeffnerCMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts i...
Groupmax World Wide Web Desktop Cross-Site Scripting Vulnerability
Overview: Groupmax World Wide Web Desktop is vulnerable to cross-site scripting. Impact: A remote attacker could execute arbitrary scripts on the affected system. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
AneCMS 1.0 - Multiple Local File Inclusions
source: https://www.securityfocus.com/bid/39416/info AneCMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive...
AneCMS 1.0 - Multiple Local File Inclusions
source: https://www.securityfocus.com/bid/39416/info AneCMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and to execute arbitrary local...
Saskias ShopSystem - id Local File Inclusion
source: https://www.securityfocus.com/bid/38574/info Saskia's Shopsystem is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitiv...
TikiWiki jhot.php Script File Upload Security Bypass (CVE-2006-4602)
TikiWiki, also known as Tiki CMS/Groupware or simply Tiki, is a powerful wiki-based Content Management System (CMS) which allows users and/or groups of users to manage their data on-line via a web browser. TikiWiki provides numerous features, including Wiki-based Documentation, Groupware, Blogging...
SiteX 'THEME_FOLDER' Parameter Multiple Local File Include Vulnerabilities
SiteX is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the...
Oracle Application Server vulnerable to cross-site scripting
Overview: Oracle Application Server from Oracle contains a cross-site scripting vulnerability. Oracle Application Server from Oracle is an application server. Oracle Application Server contains a cross-site scripting vulnerability. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC...
Simple PHP Blog v0.5.1 Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Simple PHP Blog is prone to a local file-include vulnerability...
FlatPress 'userid' Parameter Local File Include Vulnerability
FlatPress is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow th...
opera -- multiple vulnerabilities
Opera Team reports: An unspecified error in the processing of JPEG images can be exploited to trigger a memory corruption. An error can be exploited to execute arbitrary script code in a different domain via unspecified plugins. An unspecified error has a "moderately severe" impact. No further...
AbleDating 2.4 - search_results.php?keyword Cross-Site Scripting
source: https://www.securityfocus.com/bid/29342/info AbleDating is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include an SQL-injection vulnerability and...
AbleDating 2.4 - search_results.php?keyword SQL Injection
source: https://www.securityfocus.com/bid/29342/info AbleDating is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include an SQL-injection vulnerability and a...