622 matches found
CVE-2008-1111
CVE-2008-1111 affects lighttpd 1.4.18 through the mod_cgi path. When a fork failure occurs, lighttpd may return the source code of the CGI script instead of a 500 error, potentially allowing remote attackers to obtain sensitive information (information disclosure). Connected documents indicate re...
Joomla! 'mosConfig_absolute_path' Parameter Remote File Include
The version of Joomla! running on the remote host is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'mosConfig_absolute_path' parameter before using it in the index.php script to include PHP code. Provided 'RG_EMULATION' is not defined in t...
bloofox-multi.txt
WwW.BugReport.ir AmnPardaz Security Research Team Title:Bloofox CMS Vulnerabilities Vendor: http://www.bloofox.com Bugs: SQL Injection Authentication bypass , Source code disclosure Vulnerable Version: 0.3 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! -...
Bloofox 0.3 (SQL/FD) Multiple Remote Vulnerabilities
No description provided by source. WwW.BugReport.ir AmnPardaz Security Research Team Title:Bloofox CMS Vulnerabilities Vendor: http://www.bloofox.com Bugs: SQL Injection Authentication bypass , Source code disclosure Vulnerable Version: 0.3 prior versions also may be affected...
Bloofox CMS SQL Injection (Authentication bypass) , Source code disclosure
WwW.BugReport.ir AmnPardaz Security Research Team Title:Bloofox CMS Vulnerabilities Vendor: http://www.bloofox.com Bugs: SQL Injection Authentication bypass , Source code disclosure Vulnerable Version: 0.3 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! -...
Bloofox 0.3 (SQL/FD) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ==================================================== Bloofox 0.3 SQL/FD Multiple Remote Vulnerabilities ==================================================== WwW.BugReport.ir AmnPardaz Security Research Team Title:Bloofox CMS Vulnerabilitie...
Bitweaver wiki/edit.php suck_url Parameter Traversal Source Code Disclosure
The remote host is running Bitweaver, an open source content management system written in PHP. The version of this software installed on the remote host fails to sanitize input to the 'suck_url' parameter of the 'wiki/edit.php' script of directory traversal sequences. An unauthenticated attacker c...
MODx CMS 0.9.6.1 Multiple Remote Vulnerabilities
No description provided by source. WwW.BugReport.ir AmnPardaz Security Research Team Title: MODx CMS Vulnerabilities Vendor: http://modxcms.com Bugs: Source code disclosure, local file inclusion Vulnerable Version: 0.9.6.1 prior versions also may be affected Exploitation: Remote with browser...
MODx CMS 0.9.6.1 - Multiple Vulnerabilities
MODx CMS 0.9.6.1 - Multiple Vulnerabilities WwW.BugReport.ir AmnPardaz Security Research Team Title: MODx CMS Vulnerabilities Vendor: http://modxcms.com Bugs: Source code disclosure, local file inclusion Vulnerable Version: 0.9.6.1 prior versions also may be affected Exploitation: Remote with...
MODx CMS 0.9.6.1 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ================================================ MODx CMS 0.9.6.1 Multiple Remote Vulnerabilities ================================================ AmnPardaz Security Research Team Title: MODx CMS Vulnerabilities Vendor: http://modxcms.com...
MODx CMS 0.9.6.1 - Multiple Vulnerabilities
WwW.BugReport.ir AmnPardaz Security Research Team Title: MODx CMS Vulnerabilities Vendor: http://modxcms.com Bugs: Source code disclosure, local file inclusion Vulnerable Version: 0.9.6.1 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! - Description: quote...
MODx 0.9.6.1 - htcmime.php Source Code Information Disclosure
MODx 0.9.6.1 - htcmime.php Source Code Information Disclosure source: https://www.securityfocus.com/bid/27096/info MODx is prone to a vulnerability that allows attackers to access source code because the application fails to properly sanitize user-supplied input. An attacker can exploit this...
Bitweaver source code disclosure, arbitrary file upload
WwW.BugReport.ir AmnPardaz Security Research Team Title: Bitweaver R2 CMS Vendor: http://www.bitweaver.org Bugs: source code disclosure, arbitrary file upload Vulnerable Version: 2 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! - Description: Bitweaver is...
modxcms-lfi.txt
WwW.BugReport.ir AmnPardaz Security Research Team Title: MODx CMS Vulnerabilities Vendor: http://modxcms.com Bugs: Source code disclosure, local file inclusion Vulnerable Version: 0.9.6.1 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! - Description: quote...
Bitweaver R2 CMS Remote File Upload / Disclosure Vulnerabilities
No description provided by source. WwW.BugReport.ir AmnPardaz Security Research Team Title: Bitweaver R2 CMS Vendor: http://www.bitweaver.org Bugs: source code disclosure, arbitrary file upload Vulnerable Version: 2 prior versions also may be affected Exploitation: Remote with browser Fix...
bitweaver-disclose.txt
WwW.BugReport.ir AmnPardaz Security Research Team Title: Bitweaver R2 CMS Vendor: http://www.bitweaver.org Bugs: source code disclosure, arbitrary file upload Vulnerable Version: 2 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! - Description: Bitweaver is...
Bitweaver R2 CMS - Arbitrary File Upload Disclosure
Bitweaver R2 CMS - Arbitrary File Upload Disclosure WwW.BugReport.ir AmnPardaz Security Research Team Title: Bitweaver R2 CMS Vendor: http://www.bitweaver.org Bugs: source code disclosure, arbitrary file upload Vulnerable Version: 2 prior versions also may be affected Exploitation: Remote with...
Bitweaver R2 CMS - Arbitrary File Upload / Disclosure
WwW.BugReport.ir AmnPardaz Security Research Team Title: Bitweaver R2 CMS Vendor: http://www.bitweaver.org Bugs: source code disclosure, arbitrary file upload Vulnerable Version: 2 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! - Description: Bitweaver is...
smbfs and apache+php source code disclosure
Because of different filename handling in Posix and Windows there is an issue with resolving filenames with a backslash "\" character appended on a Windows share. Consider you have a Windows share mounted on a Linux box with a PHP script on it - let's say info.php. Executing find info.php and find...
CVE-2007-6314
BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL...