Lucene search
K

412 matches found

Tenable Nessus
Tenable Nessus
added 2005/08/08 12:0 a.m.28 views

FlatNuke < 2.5.6 Multiple Remote Vulnerabilities

The remote host is running FlatNuke, a content management system written in PHP that uses flat files rather than a database for its storage. The version of FlatNuke installed on the remote host suffers from several flaws: - Arbitrary PHP Code Execution Vulnerability The application fails to remov...

5CVSS6.1AI score0.06102EPSS
Exploits4References5
Cvelist
Cvelist
added 2005/03/20 5:0 a.m.19 views

CVE-2001-1423

Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the loggedin parameter...

6.9AI score0.01892EPSS
Exploits0References3
CVE
CVE
added 2005/03/20 5:0 a.m.46 views

CVE-2001-1423

The CVE-2001-1423 entry describes a privilege-escalation vulnerability in Advanced Poll prior to version 1.61 when using a flat-file database. The issue arises when an attacker can set the logged_in parameter to gain elevated privileges remotely. Documented impacts indicate partial confidentialit...

7.5CVSS7.3AI score0.01892EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2005/02/19 5:0 a.m.20 views

CVE-2004-1504

The displaycontent function in config.php for Just Another Flat file JAF CMS 3.0RC allows remote attackers to gain sensitive information via a blank show parameter, which reveals the installation path in an error message, as demonstrated using index.php...

6.5AI score0.0155EPSS
Exploits1References3
Cvelist
Cvelist
added 2005/02/19 5:0 a.m.18 views

CVE-2004-1505

Directory traversal vulnerability in index.php in Just Another Flat file JAF CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. dot dot in the show parameter...

7.2AI score0.01996EPSS
Exploits1References5
NVD
NVD
added 2004/12/31 5:0 a.m.21 views

CVE-2004-1505

Directory traversal vulnerability in index.php in Just Another Flat file JAF CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. dot dot in the show parameter...

7.5CVSS7.2AI score0.01996EPSS
Exploits1References5
securityvulns
securityvulns
added 2004/09/01 12:0 a.m.30 views

CuteNews News.txt writable to world

Date: August 29, 2004 Vender: http://www.cutephp.com/ Program: CuteNews Versions affected: = 1.3.6 Bug: CuteNews News.txt writable to world Type: Author: e0r www: http://www.rootthief.com/ team: !Sui-Generes !Sui Email: homicidal @ gmail . com ----------------------------- Discription: Cute news ...

6.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/02/21 12:0 a.m.42 views

X-News Password MD5 Hash Authentication Bypass

X-News is a news management system, written in PHP. X-News uses a flat-file database to store information. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. X-News stores user ids and passwords, as MD5 hashes, in a world- readable file, 'db/users.txt'...

7.5CVSS5.5AI score0.08051EPSS
Exploits1References2
securityvulns
securityvulns
added 2003/12/09 12:0 a.m.48 views

[Full-Disclosure] @Mail web interface multiple security vulnerabilities

S-Quadra Advisory 2003-12-09 Topic: @Mail web interface multiple security vulnerabilities Severity: Average Vendor URL: http://www.atmail.com Advisory URL: http://www.s-quadra.com/advisories/Adv-20031209.txt Release date: 09 Dec 2003 1. DESCRIPTION "@Mail is a feature rich Email solution that...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2003/02/15 12:0 a.m.35 views

PHP-Board 1.0 - User Password Disclosure

source: https://www.securityfocus.com/bid/6862/info php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to php-board user and administrative...

7.4AI score
Exploits0
CERT
CERT
added 2001/12/20 12:0 a.m.21 views

Advanced Poll does not adequately authenticate users

Overview Advanced Poll is a polling system written in PHP for use on web sites. When a flat file database is used, Advanced Poll does not adequately authenticate users, thereby allowing any user to gain Advanced Poll administrative privileges. Description On versions of Advanced Poll older than...

7.4AI score
Exploits0References2
Packet Storm
Packet Storm
added 2001/07/12 12:0 a.m.37 views

QDAV-2001-7-1

--=====================133743754==.ALT Content-Type: text/plain; charset="us-ascii"; format=flowed Multiple CGI Flat File Database Manipulation Vulnerability qDefense Advisory Number QDAV-2001-7-1 Product: Numerous CGI's Vendor: Numerous Vendors Severity: Remote; Severity varies, but can often be...

7.4AI score
Exploits0
Rows per page
Query Builder