412 matches found
FlatNuke < 2.5.6 Multiple Remote Vulnerabilities
The remote host is running FlatNuke, a content management system written in PHP that uses flat files rather than a database for its storage. The version of FlatNuke installed on the remote host suffers from several flaws: - Arbitrary PHP Code Execution Vulnerability The application fails to remov...
CVE-2001-1423
Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the loggedin parameter...
CVE-2001-1423
The CVE-2001-1423 entry describes a privilege-escalation vulnerability in Advanced Poll prior to version 1.61 when using a flat-file database. The issue arises when an attacker can set the logged_in parameter to gain elevated privileges remotely. Documented impacts indicate partial confidentialit...
CVE-2004-1504
The displaycontent function in config.php for Just Another Flat file JAF CMS 3.0RC allows remote attackers to gain sensitive information via a blank show parameter, which reveals the installation path in an error message, as demonstrated using index.php...
CVE-2004-1505
Directory traversal vulnerability in index.php in Just Another Flat file JAF CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. dot dot in the show parameter...
CVE-2004-1505
Directory traversal vulnerability in index.php in Just Another Flat file JAF CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. dot dot in the show parameter...
CuteNews News.txt writable to world
Date: August 29, 2004 Vender: http://www.cutephp.com/ Program: CuteNews Versions affected: = 1.3.6 Bug: CuteNews News.txt writable to world Type: Author: e0r www: http://www.rootthief.com/ team: !Sui-Generes !Sui Email: homicidal @ gmail . com ----------------------------- Discription: Cute news ...
X-News Password MD5 Hash Authentication Bypass
X-News is a news management system, written in PHP. X-News uses a flat-file database to store information. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. X-News stores user ids and passwords, as MD5 hashes, in a world- readable file, 'db/users.txt'...
[Full-Disclosure] @Mail web interface multiple security vulnerabilities
S-Quadra Advisory 2003-12-09 Topic: @Mail web interface multiple security vulnerabilities Severity: Average Vendor URL: http://www.atmail.com Advisory URL: http://www.s-quadra.com/advisories/Adv-20031209.txt Release date: 09 Dec 2003 1. DESCRIPTION "@Mail is a feature rich Email solution that...
PHP-Board 1.0 - User Password Disclosure
source: https://www.securityfocus.com/bid/6862/info php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to php-board user and administrative...
Advanced Poll does not adequately authenticate users
Overview Advanced Poll is a polling system written in PHP for use on web sites. When a flat file database is used, Advanced Poll does not adequately authenticate users, thereby allowing any user to gain Advanced Poll administrative privileges. Description On versions of Advanced Poll older than...
QDAV-2001-7-1
--=====================133743754==.ALT Content-Type: text/plain; charset="us-ascii"; format=flowed Multiple CGI Flat File Database Manipulation Vulnerability qDefense Advisory Number QDAV-2001-7-1 Product: Numerous CGI's Vendor: Numerous Vendors Severity: Remote; Severity varies, but can often be...