EUVD-2007-4789

Malware in sbrugna...

PortailPHP 2 mod_news/goodies.php chemin Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/22381/info PortailPHP is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary...

TLM CMS SQL注入漏洞

TLM CMS是一款基于PHP的WEB应用程序。 TLM CMS不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞进行SQL攻击，获得敏感信息或操作数据库。 问题是由于脚本对用户提交的WEB参数缺少过滤，提交恶意SQL查询作为参数数据，可更改原来的SQL逻辑，攻击者可以获得敏感信息或操作数据库。 TLM CMS 3.2 目前没有详细解决方案提供： http://tlm.hebserv.fr/home.php...

Directory traversal

Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to read arbitrary files via a .. dot dot in the chemin parameter to 1 modnews/index.php or 2 modnews/goodies.php. NOTE: The provenance of this information is unknown; the details are obtained solely...

CVE-2007-0821

CVE-2007-0821 describes multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2. An attacker can read arbitrary files by injecting a .. sequence into the chemin parameter of two PHP scripts: mod_news/index.php and mod_news/goodies.php. The underlying issue is improper validatio...