3856 matches found
phpAddEdit 1.3 Local File Inclusion
phpaddedit-1.3 LFI. Author: nuclear. Script: http://sourceforge.net/projects/phpaddedit/ Vuln: http://target.com/addedit-render.php?editform=../../../../../../../etc/passwd%00 Vulnerable code: if (!$formname && $_GET["editform"]) $formname = $_GET["editform"]; ... if ($errormessage || $error ||...
Manual crack fast flash reduction-vulnerability warning-the black bar safety net
Information source: Evil Octal Information Security Team (www.eviloctal.com) Article author: monsterok (monster) I went to an Internet cafe and spent half a day downloading things, but then I accidentally kicked the computer's power, and because the cafe machine has restore software installed, after a reboot everything...
CVE-2008-4730
Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_trust_root parameter and an inconsistent openid_return_to parameter, which is not properly handled in an error message...
CVE-2008-4638
qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message...
CVE-2008-3060
V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message...
Information disclosure
cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message...
Design/Logic Flaw
create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message...
Information disclosure
themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message...
Design/Logic Flaw
searchresult.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message...
Design/Logic Flaw
BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enablecache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message...
Design/Logic Flaw
class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation path in an error message...
Information disclosure
Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to db/compact.asp, which reveals the database path in an error message...
Code injection
Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog...
Multiple email clients vulnerable in handling an attachment inappropriately
Overview: Some email clients contain a vulnerability which may crash them, as they do not properly handle an attached file with a particular file name. Impact: The actual impact could differ depending on the email client, but email clients may crash when handling an attached file with a...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the (1) searchtext and (2) searchcategory parameters. NOTE: the XSS reportedly occurs in a forced SQL error message. NOTE: some of these details are obtain...
CVE-2008-2181
Multiple cross-site scripting (XSS) vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the (1) searchtext and (2) searchcategory parameters. NOTE: the XSS reportedly occurs in a forced SQL error message. NOTE: some of these details are obtain...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message...
CVE-2008-2082
Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message...