261 matches found
dwebpro 6.8.26 - Directory Traversal / File Disclosure
dWebPro v 6.8.26 - Remote Directory Traversal && Remote File Disclosure p0c's. Download: http://www.dwebpro.com/downloads/dwebpro6.8.26.exe Author: Alfons Luja Test...
Viart shopping cart 3.5 - Multiple Vulnerabilities
!vuln ViArt Shopping Cart v3.5 is prone to multiple remote vulnerabilities. Earlier versions may also be affected...
CVE-2008-2041
Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root...
CVE-2008-2003
BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be...
Quick Classifieds 1.0 - controlpannelcreateL.php3?DOCUMENT_ROOT Remote File Inclusion
source: https://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issue...
CVE-2007-5685
The CVE-2007-5685 issue affects the shttp project’s safe_path function, vulnerable before version 0.0.5. The function allows directory traversal when processing a sequence mixing ".." and sub-directories, resolving to a path at or below the web document root but located elsewhere in the tree. Thi...
shttp004-traverse.txt
The most recent version of this advisory including any updates is available at: http://www.digineo.co.uk/shttpdirectorytraversal Directory Traversal Flaw in shttp. Affected product: shttp. Product vendor: Vito Caputo - http://serverkit.org/modules/contrib/shttp/...
CVE-2003-1404
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords...
CVE-2003-1401
login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request...
CVE-2003-1423
Vulnerability summary: Petitforum stores the liste.txt data file under the web document root with insufficient access control, allowing remote attackers to obtain sensitive information (e-mails and encrypted passwords). Root cause: improper access restrictions on the data file within the web root...
PT-2007-6476 · Unknown · Crs Manager
Name of the Vulnerable Software and Affected Versions: CRS Manager (affected versions not specified). Description: The issue concerns multiple PHP remote file inclusion vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT paramete...
CVE-2007-5193
The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied...
CVE-2007-5193
Twiki 4.1.2 on Debian GNU/Linux (and possibly other OS) has a default configuration that places the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root. This may allow remote attackers to obtain sensitive information if .htaccess restrictions are not applied. Public details co...
PT-2007-6064 · Phportal · Phportal
Name of the Vulnerable Software and Affected Versions: PHPortal version 0.2.7. Description: A remote file inclusion issue in form/db_form/employee.php allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. However, it is noted that this issue is disputed...
CVE-2007-4339
PHPCentral Poll Script 1.0 is affected by multiple PHP remote file inclusion vulnerabilities. The issue allows an attacker to execute arbitrary PHP code by supplying a URL to the _SERVER[DOCUMENT_ROOT] parameter in poll.php and pollarchive.php. The note attributes the underlying cause to a variab...
SOTEeSKLEP 3.5RC9 - file Remote File Disclosure
SOTEeSKLEP Remote File Disclosure Vulnerability. Script: SOTEeSKLEP. Versions: 3.1RC8, 3.5RC1, 3.5RC4, 3.5RC9, and I think others. Site: http://www.sote.pl Bug: ... if (!empty($_REQUEST["file"])) $file=$_REQUEST['file'];...
Lib2 PHP v0.2 (DOCUMENT_ROOT) Remote File Inclusion Vulnerability
MefistoLabs.Com PreSents... Script: Lib2 PHP v0.2 Script Download1: http://www.omnistarinc.com/fonin/projects/lib2/lib2-0.2.tar.gz Script Download2:...
maGAZIn 2.0 (phpThumb.php src) Remote File Disclosure Vulnerability
Exploit for unknown platform in category web applications. maGAZIn 2.0 phpThumb.php src Remote File Disclosure Vulnerability...
Campsite 2.6.1 - 'UserType.php?g_documentRoot' Remote File Inclusion
source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. Exploiting this issue allows remote attackers to execute code in the context of the webserver. This issue affects Campsite 2.6.1. Earlier versions may also be affected...