[Full-disclosure] Uebimiau Webmail Multiple Vulnerabilities

Synopsis: Multiple Vulnerabilities Introduction: Uebimiau is an open source webmail interface. Details: Uebimiau doesn't correctly handle the $GET array in error.php. Many vulnerabilities have been already discovered, but I would like to introduce few new ones: 1 XSS 2 Three Web Server Directory...

Post REvolution 0.7.0 RC 2 - 'dir' Remote File Inclusion

Post Revolution Remote File Inclusion Affected Software .: Post Revolution 6.6 / 7.0 Release Candidate 2 Download..: http://www.fabio.com.ar/postrev/ Risk ..............: high Date .........: 25/3/2007 Found by ..........: InyeXion Contact ...........: InyeXionatgmail.com Web .............:...

Envolution <= 1.1.0 (PNSVlang) Remote Code Execution Exploit

No description provided by source. ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...

CVE-2006-5718

CVE-2006-5718 is an XSS vulnerability in phpMyAdmin (versions 2.6.4–2.9.0.2) where UTF-7/US-ASCII data injected into error.php could be reflected in error messages. The issue affects phpMyAdmin installations using those versions; SUSE/NASL advisories note a patched package upgrading to 2.9.1.1 th...

PostNuke 0.763 - PNSV lang Remote Code Execution

PostNuke 0.763 - PNSV lang Remote Code Execution DEVIL TEAM IRC: 72.20.18.6:6667 devilteam ======== Contact: [email protected] or http://www.rahim.webd.pl/ cod3d by Kacper -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Greetings DragonHeart and all DEVIL TEAM Patrio...

Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: phpMyAdmin - error.php XSS Vulnerability Release Date: 2006/11/02 Last Modified: 2006/11/02 Author: Stefan Esser [email protected] Application: phpMyAdmin = 2.9.0.2...

[Full-disclosure] Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: phpMyAdmin - error.php XSS Vulnerability Release Date: 2006/11/02 Last Modified: 2006/11/02 Author: Stefan Esser [email protected] Application: phpMyAdmin = 2.9.0.2...

Pie Cart Pro - Inc_Dir Remote File Inclusion

Pie Cart Pro - IncDir Remote File Inclusion ==================================================================== Pie Cart Pro = IncDir Remote File Inclusion Exploit ==================================================================== Critical Level : Dangerous By SnIpErSA...

CVE-2006-4747

Multiple cross-site scripting XSS vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via 1 the id parameter in delete.php and 2 the error parameter in error.php...

PT-2006-4911 · Cakephp · Cakephp

Name of the Vulnerable Software and Affected Versions: CakePHP versions prior to 1.1.7.3363 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 "Not Found" error page. This occurs due to a...

CVE-2004-1830

CVE-2004-1830 : The error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information by supplying invalid (language, newlang, or lang) parameters, which leaks the pathname in a PHP error message. This is a information-disclosure issue affecting the specified...

GrayCMS php code injection

Version: 1.1 Severity: High Vendor: http://gcms.graymur.net/ Vulnerable code is in "code/error.php": ----begin---- ... if !isset$page $page = ''; if !isset$pathprefix $pathprefix = '../'; if empty$main require $pathprefix.'code/main.dat'; if isset$e404 or isset$GET'e404' ... if isset$e403 or...