264 matches found

exploitpack
added 2007/08/13 12:0 a.m. · 16 views

SOTEeSKLEP 3.5RC9 - file Remote File Disclosure

SOTEeSKLEP 3.5RC9 - file Remote File Disclosure SOTEeSKLEP Remote File Disclosure Vulnerability Script : SOTEeSKLEP Versions: 3.1RC8, 3.5RC1, 3.5RC4, 3.5RC9, and i think other. Site : http://www.sote.pl Bug: ... if ! empty$REQUEST"file" $file=$REQUEST'file';...

AI score 7.5
Exploits 0

0day.today
added 2007/05/11 12:0 a.m. · 34 views

maGAZIn 2.0 (phpThumb.php src) Remote File Disclosure Vulnerability

Exploit for unknown platform in category web applications. maGAZIn 2.0 phpThumb.php src Remote File Disclosure Vulnerability...

AI score 7.1
Exploits 0

Exploit DB
added 2007/05/08 12:0 a.m. · 21 views

Campsite 2.6.1 - 'UserType.php?g_documentRoot' Remote File Inclusion

source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. Exploiting this issue allows remote attackers to execute code in the context of the webserver. This issue affects Campsite 2.6.1. Earlier versions may also be affected...

AI score 7
Exploits 0

UbuntuCve
added 2007/04/13 5:19 p.m. · 33 views

CVE-2007-1742

suexec in Apache HTTP Server httpd 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "htmlbackup" and "htmleditor" under an "html...

CVSS 3.7 · AI score 5.9 · EPSS 0.00687
Exploits 0 · References 1

OSV
added 2007/04/13 5:19 p.m. · 3 views

DEBIAN-CVE-2007-1742

suexec in Apache HTTP Server httpd 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "htmlbackup" and "htmleditor" under an "html...

CVSS 3.7 · AI score 6.4 · EPSS 0.00687
Exploits 0 · References 1

Prion
added 2007/04/13 5:19 p.m. · 18 views

Design/Logic Flaw

suexec in Apache HTTP Server httpd 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vend...

CVSS 4.4 · AI score 6.9 · EPSS 0.00703
Exploits 0 · References 4 · Affected Software 1

OSV
added 2007/04/13 5:19 p.m. · 6 views

CVE-2007-1742

suexec in Apache HTTP Server httpd 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "htmlbackup" and "htmleditor" under an "html...

AI score 6
Exploits 0 · References 5

CVE
added 2007/04/13 5:0 p.m. · 150 views

CVE-2007-1742

Apache HTTP Server (httpd) 2.2.3’s suexec uses a partial path comparison to determine if the current directory is within the document root. This may allow local users to operate on incorrect directories under an html directory (e.g., html_backup/htmleditor). The issue is described across multiple...

CVSS 3.7 · AI score 6 · EPSS 0.00687
Exploits 0 · References 5 · Affected Software 1

Debian CVE
added 2007/04/13 5:0 p.m. · 32 views

CVE-2007-1742

suexec in Apache HTTP Server httpd 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "htmlbackup" and "htmleditor" under an "html...

CVSS 3.7 · AI score 6.1 · EPSS 0.00687
Exploits 0

NVD
added 2007/04/13 4:19 p.m. · 24 views

CVE-2007-1741

Multiple race conditions in suexec in Apache HTTP Server httpd 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that th...

CVSS 6.2 · AI score 7.3 · EPSS 0.00516
Exploits 0 · References 7

UbuntuCve
added 2007/04/13 4:19 p.m. · 35 views

CVE-2007-1741

Multiple race conditions in suexec in Apache HTTP Server httpd 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that th...

CVSS 6.2 · AI score 6.3 · EPSS 0.00516
Exploits 0 · References 1

Positive Technologies
added 2007/04/13 12:0 a.m. · 3 views

PT-2007-3108 · Apache +1 · Apache Http Server +1

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server httpd version 2.2.3 Description: The issue in suexec allows local users to potentially create arbitrary UID/GID owned files if /proc is mounted, by leveraging other vulnerabilities. This is dependent on an insecure server...

CVSS 4.4 · AI score 6 · EPSS 0.00703
Exploits 0 · References 11

Positive Technologies
added 2007/04/13 12:0 a.m. · 5 views

PT-2007-3107 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server httpd version 2.2.3 Description: The issue in suexec allows local users to potentially perform unauthorized operations on incorrect directories due to a partial comparison for verifying the current directory within the...

CVSS 3.7 · AI score 5.5 · EPSS 0.00687
Exploits 0 · References 9

Cvelist
added 2007/03/06 1:0 a.m. · 20 views

CVE-2006-7114

P-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. NOTE: this might be the same issue as CVE-2006-6888...

AI score 6.3 · EPSS 0.02424
Exploits 0 · References 3

Prion
added 2007/01/31 11:28 a.m. · 20 views

Code injection

download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php...

CVSS 5 · AI score 7.1 · EPSS 0.03499
Exploits 1 · References 7 · Affected Software 1

Cvelist
added 2007/01/31 11:0 a.m. · 22 views

CVE-2007-0620

download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php...

AI score 6.6 · EPSS 0.03499
Exploits 1 · References 7

Cvelist
added 2007/01/09 6:0 p.m. · 23 views

CVE-2007-0156

M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb...

AI score 6.2 · EPSS 0.01353
Exploits 0 · References 4

Packet Storm
added 2006/12/06 12:0 a.m. · 20 views

phpged.txt

PhpGedView 4.0.2 DOCUMENTROOT File inclusion Vulnerability. Script: PhpGedView. Version: 4.0.2. script...

AI score 7.4
Exploits 0

NVD
added 2006/10/03 4:3 a.m. · 26 views

CVE-2006-5117

phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...

CVSS 5 · AI score 6.1 · EPSS 0.0135
Exploits 0 · References 5

Cvelist
added 2006/09/07 12:0 a.m. · 16 views

CVE-2006-4595

muforum µforum 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes...

AI score 6.4 · EPSS 0.01445
Exploits 1 · References 5