Lucene search
K

105 matches found

Tenable Nessus
Tenable Nessus
added 2006/05/27 12:0 a.m.783 views

UBB.threads addpost_newpoll.php thispath Parameter Remote File Inclusion

The version of UBB.threads installed on the remote host fails to sanitize input to the 'thispath' parameter before using it in a PHP include function in the 'addpostnewpoll.php' script. Provided PHP's 'registerglobals' setting is enabled, an unauthenticated attacker may be able to exploit this fl...

5.1CVSS6AI score0.07873EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2006/03/27 12:0 a.m.868 views

PostNuke PNphpBB2 includes/functions_admin.php phpbb_root_path Parameter Remote File Inclusion

The installation of PostNuke on the remote host includes a version of the PNphpBB2 module that fails to sanitize input to the 'phpbbrootpath' parameter of the 'includes/functionsadmin.php' script before using it in a PHP 'includeonce' function. Provided PHP's 'registerglobals' setting is enabled,...

7.5CVSS6AI score0.09415EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2006/02/13 12:0 a.m.87 views

HP Systems Insight Manager Namazu lang Parameter Traversal Arbitrary File Access

The remote host appears to be running HP Systems Insight Manager SIM, a unified infrastructure management tool. The version of HP SIM on the remote host includes a version of the search engine Namazu that reportedly fails to validate user input to the 'lang' parameter of the 'namazucgi' script. A...

5CVSS5.5AI score0.04174EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2005/11/29 12:0 a.m.17 views

PHP Doc System index.php show Parameter Local File Inclusion

The remote host is running PHP Doc System, a modular, PHP-based system for creating documentation. The version of PHP Doc System installed on the remote host fails to sanitize user input to the 'show' parameter of the 'index.php' script before using it in a PHP 'include' function. An...

6.4CVSS6.2AI score0.02577EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2005/11/02 12:0 a.m.34 views

e107 Detection

The remote host is running e107, a content management system written in PHP and with a MySQL back-end. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid20129; scriptversion"1.15"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01";...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2005/10/06 12:0 a.m.25 views

CubeCart < 3.0.4 Multiple Script XSS

The remote version of CubeCart contains several cross-site scripting vulnerabilities due to its failure to properly sanitize user-supplied input of certain variables to the 'index.php' and 'cart.php' scripts. %NASLMINLEVEL 70300 Josh Zlatin-Amishav This script is released under the GNU GPLv2...

4.3CVSS5.2AI score0.02235EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2005/09/19 12:0 a.m.17 views

phpGroupWare < 0.9.16 Addressbook Unspecified Vulnerability

The remote host seems to be running PhpGroupWare, a multi-user groupware suite written in PHP. This version is prone to an unspecified flaw related to its addressbook. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2005/08/12 12:0 a.m.32 views

Gallery PostNuke Integration Access Validation Privilege Escalation

The remote host is running Gallery, a web-based photo album. According to its banner, the version of Gallery installed on the remote host is subject to an access validation issue when integrated with PostNuke, as is the case on the remote host. The issue means that any user with any level of admi...

4.6CVSS5.5AI score0.00379EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2005/07/26 12:0 a.m.110 views

FtpLocate flsearch.pl fsite Parameter Remote File Inclusion

The remote host is running FtpLocate, a web search engine for FTP sites written in Perl. The installed version of FtpLocate allows remote attackers to execute commands on the remote host by manipulating input to the 'fsite' parameter in various scripts. %NASLMINLEVEL 70300 C Tenable Network...

10CVSS5.6AI score0.05581EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2005/06/22 12:0 a.m.63 views

Cacti Local File Inclusion Vulnerability

The Cacti application running on the remote web server is affected by a local file inclusion vulnerability due to improperly validating user-supplied input to the 'configincludepath' parameter in 'configsettings.php'. A remote attacker can exploit this to execute arbitrary PHP code. %NASLMINLEVEL...

7.5CVSS5.6AI score0.16552EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2005/05/02 12:0 a.m.38 views

Websense Reporting Console Detection

The remote host appears to be running Websense, and connections are allowed to the web reporting console. A remote attacker could use information gathered from this access to mount further attacks. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid18177;...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/04/15 12:0 a.m.26 views

Serendipity Detection

Serendipity, a PHP-based blog application, is running on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid18054; scriptversion"1.19"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01"; scriptnameenglish:"Serendipity Detection";...

5.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2005/03/30 12:0 a.m.32 views

ASP PortalApp Multiple SQL Injection

The remote host is running ASP PortalApp, a web application software written in ASP. There is a flaw in the remote software that could allow anyone to inject arbitrary SQL commands, which could in turn be used to gain administrative access on the remote host. In addition, a path disclosure and...

7.5CVSS5.4AI score0.01376EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2005/03/07 12:0 a.m.120 views

vBulletin Detection

The remote host is running vBulletin, a commercial web-based message forum application written in PHP. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid17282; scriptversion"1.17"; scriptsetattributeattribute:"pluginmodificationdate", value:"2020/08/10";...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/11/22 12:0 a.m.30 views

phpBB Detection

The remote host is running phpBB, a bulletin-board system written in PHP. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid15779; scriptversion"1.25"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01"; scriptnameenglish:"phpBB Detection";...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/07/10 12:0 a.m.82 views

Open WebMail Detection

The remote host is running Open WebMail, a webmail package written in Perl that provides access to mail accounts via POP3 or IMAP. %NASLMINLEVEL 70300 This script was written by George A. Theall, . See the Nessus Scripts License for details. include'deprecatednasllevel.inc'; include"compat.inc"; ...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2003/08/11 12:0 a.m.15 views

Stellar Docs Malformed Query Path Disclosure

The remote host is running StellarDocs There is a flaw in this system which may allow an attacker to obtain the physical path of the remote installation of StellarDocs. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include 'compat.inc' ; ifdescription scriptid11817; scriptversion"1.21";...

5.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2003/05/29 12:0 a.m.19 views

Ultimate PHP Board admin_iplog.php Arbitrary Code Execution

The remote host is running Ultimate PHP Board UPB. There is a flaw in this version which may allow an attacker to execute arbitrary code on this host, by sending a malformed user-agent which contains PHP commands. Once the user-agent has been sent, it is stored in the logs. When the administrator...

7.5CVSS6.1AI score0.02531EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2003/03/26 12:0 a.m.16 views

DCP-Portal Multiple Script Path Disclosure

DCP-Portal discloses its physical path when an empty request to adduser.php is made In addition, several other scripts may disclose the path if an invalid language is supplied, although Nessus has not checked for them. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ahmet Sabri ALPER To:...

5CVSS5.2AI score0.01694EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2003/03/06 12:0 a.m.46 views

PHP-Ping index.php pingto Parameter Arbitrary Code Execution

It is possible to make the remote host execute arbitrary DOS commands using the CGI phpping. An attacker may use this flaw to gain a shell with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Message-ID: From: "Gregory Le Bras | Security Corporation" To...

5.9AI score
Exploits0
Rows per page
Query Builder