Yellow Duck Weblog 2.1.0 (lang) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ================================================================== Yellow Duck Weblog 2.1.0 lang Local File Inclusion Vulnerability ================================================================== =-=-local file include-=-=...

Yellow Duck Weblog 2.1.0 - 'lang' Local File Inclusion

=-=-local file include-=-= -=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-= script::Yellow Duck Weblog ------------------------------------------------- Author: ahmadbady =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- download...

Unfixed XSS vulnerability at www.ihelpers.co.kr

Security researcher Mystick, has submitted on 11/10/2008 a cross-site-scripting XSS vulnerability affecting www.ihelpers.co.kr, which at the time of submission ranked 890908 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/11/2008. It is...

RaidenHTTPD check.php远程文件包含漏洞

RaidenHTTPD Server是Windows 98/Me/2000/XP/2003平台上具有完全特性的Web server软件，用户可以方便的使用和安装。 RaidenHTTPD自带的脚本在处理用户请求时存在输入验证漏洞，远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。 RaidenHTTPD的raidenhttpd-admin/slice/check.php脚本没有正确验证SoftParserFileXml参数的输入，允许攻击者通过包含本地或外部资源的文件执行任意PHP代码。成功攻击要求启用了WebAdmin功能。 RaidenHTTPD Server 1.1....

RaidenHTTPD check.php SoftParserFileXml Parameter Remote File Inclusion

The remote host is running RaidenHTTPD, a web server for Windows. The version of RaidenHTTPD on the remote host fails to sanitize user-supplied input to the 'SoftParserFileXml' of the '/raidenhttpd-admin/slice/check.php' script before using it to include PHP code. An unauthenticated attacker may ...

CVE-2006-0754

dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the...

Design/Logic Flaw

DISPUTED dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if...

CVE-2006-0756

dotProject 2.0.1 and earlier leaves 1 phpinfo.php and 2 check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration information. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignor...

CVE-2006-0756

CVE-2006-0756 affects dotProject versions 2.0.1 and earlier. The issue: phpinfo.php and check.php remain accessible under the /docs/ directory after installation, allowing remote attackers to obtain sensitive configuration information. The vendor disputes the flaw, noting it occurs only if instal...

CVE-2006-0756

dotProject 2.0.1 and earlier leaves 1 phpinfo.php and 2 check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration information. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignor...

CVE-2006-0754

dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the...

PT-2006-1803 · Dotproject · Dotproject

Name of the Vulnerable Software and Affected Versions: dotProject versions 2.0.1 and earlier Description: The issue allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error...

PT-2006-1805 · Dotproject · Dotproject

Name of the Vulnerable Software and Affected Versions: dotProject versions 2.0.1 and earlier Description: The issue allows remote attackers to obtain sensitive configuration information because certain files, specifically phpinfo.php and check.php, remain accessible under the /docs/ directory aft...

Authentication flaw

check.php in Hinton Design phphd 1.0 does not check passwords when certain cookies are provided, which allows remote attackers to bypass authentication...

CVE-2006-0607

check.php in Hinton Design phphd 1.0 does not check passwords when certain cookies are provided, which allows remote attackers to bypass authentication...

CVE-2006-0608

Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 allow remote attackers to execute arbitrary SQL commands via 1 the username parameter to check.php or 2 unknown attack vectors to scripts that display information from the database...

CVE-2006-0602

Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the 1 username parameter to check.php or the id parameter to 2 admin/editsmilie.php, 3 admin/addtheme.php, 4 admin/banip.php, 5 admin/addlang.php, or 6...