EUVD-2006-4456

Malware in sbrugna...

OpenEMR globals.php Authentication Bypass (CVE-2015-4453)

An authentication weakness vulnerability exists in OpenEMR, specifically in the globals.php script. The vulnerability is due to variable name collision during HTTP parameter extraction. Successful exploitation will bypass authentication and allow the attacker to gain unauthorized access to the...

OpenEMR 'interface/globals.php' Authentication Bypass Vulnerability - Active Check

OpenEMR is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:open-emr:openemr"; if...

CVE-2015-4453

interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by 1 interface/fax/faxdispatchnewpid.php and 2 interface/billing/sleobsearch.php...

CVE-2015-4453

interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via an ignoreAuth=1 value to certain scripts, as demonstrated by 1 interface/fax/faxdispatchnewpid.php and 2 interface/billing/sleobsearch.php...

OpenEMR 4.1.1 (site param) Remote XSS Vulnerability

Summary OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows, Linux, Mac OS X, and many other platforms. Description OpenEMR suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the 'site'...

joomlaoldconfig-rfi.txt

Affects: Joomla 1.0.13 - 1.0.14 Vulnerability: remote PHP file inclusion possible if old configuration.php Date: 14-feb-2008 Introduction: Remote PHP file inclusion is possible when RGEMULATION is not defined in configuration.php. This is typical when upgrading from an older version, leaving...

CVE-2007-0649

Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct a remote file inclusion attacks via the srcdir parameter in custom/importxml.php or b...

CVE-2006-4476

Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via 1 globals.php, which uses includeonce instead of require; 2 the $options variable; 3 Admin Upload Image; 4 -load; 5 content submissions when frontpage is...

CVE-2006-4468

Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the 1 mosMail, 2 JosIsValidEmail, and 3 josSpoofValue functions; 4 the lack of inclusion of globals.php in...

FreeBSD : mambo -- 'register_globals' emulation layer overwrite vulnerability (ffb82d3a-610f-11da-8823-00123ffe8333)

A Secunia Advisory reports : peter MC tachatte has discovered a vulnerability in Mambo, which can be exploited by malicious people to manipulate certain information and compromise a vulnerable system. The vulnerability is caused due to an error in the 'registerglobals' emulation layer in...

CVE-2005-3738

globals.php in Mambo Site Server 4.0.14 and earlier, when registerglobals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfigabsolutepath parameter to content.html.php for remote PHP file inclusion...

CVE-2005-3738

globals.php in Mambo Site Server 4.0.14 and earlier, when registerglobals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfigabsolutepath parameter to content.html.php for remote PHP file inclusion...

mambo -- "register_globals" emulation layer overwrite vulnerability

A Secunia Advisory reports: peter MC tachatte has discovered a vulnerability in Mambo, which can be exploited by malicious people to manipulate certain information and compromise a vulnerable system. The vulnerability is caused due to an error in the "registerglobals" emulation layer in...

[Full-disclosure] mambo remote code sexecution

a vulnerability exist in globals.php when registerglobals is off and allow remote code inclusion this a GLOBALS overwrite in components/comcontent/content.html.php there is the line: requireonce $GLOBALS'mosConfigabsolutepath' . '/includes/HTMLtoolbar.php' ; ok da globals.php: if...

CVE-2002-0953

The CVE-2002-0953 entry concerns the PHP Address product, prior to version 0.2f, where enabling allow_url_fopen and register_globals creates a remote code execution risk. The vulnerability allows an attacker to supply a URL containing code in the LangCookie parameter, which is then executed by th...