8787 matches found
CVE-2005-2319
PHP remote file include vulnerability in Yawp library 1.0.6 and earlier, as used in YaWiki and possibly other products, allows remote attackers to include arbitrary files via the Yawpconfpath parameter...
CVE-2005-2319
PHP remote file include vulnerability in Yawp library 1.0.6 and earlier, as used in YaWiki and possibly other products, allows remote attackers to include arbitrary files via the Yawpconfpath parameter...
CVE-2002-2065
WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root...
CVE-2002-2065
WebCalendar 0.9.34 and earlier is affected by an insecure include-file access vulnerability. When the product is built with “browsing in includes directory” enabled, remote attackers can read arbitrary .inc files from the web root. Root cause: insecure include-path handling allows reading local i...
sitepanel2.txt
GulfTech Security Research May 3rd, 2005 Vendor : Morgan Harvey URL : http://www.sitepanel2.com/ Version : 2.6.1 And Earlier Risk : Multiple Vulnerabilities Description: SitePanel2 is a helpdesk / trouble ticket / support system used by businesses and individuals alike. There are a number of...
Advisory 10/2005: Yawp/YaWiki Remote URL Include Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Yawp/YaWiki Remote URL Include Vulnerability Release Date: 2005/07/12 Last Modified: 2005/07/12 Author: Stefan Esser [email protected] Application: Yawp = 1.0.6 Severity...
phpSecurePages cfgProgDir Variable File Include Vulnerabilities
The remote host is running phpSecurePages, a PHP module used to secure pages with a login name / password. The installed version of phpSecurePages allows remote attackers to control the 'cfgProgDir' variable used when including PHP code in several of the application's scripts. By leveraging this...
osTicket < 1.3.1 Multiple Vulnerabilities
Binary data 3046.prm...
MyGuestbook 0.6.1 - Form.Inc.php3 Remote File Inclusion
MyGuestbook 0.6.1 - Form.Inc.php3 Remote File Inclusion source: https://www.securityfocus.com/bid/14155/info MyGuestbook is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue...
osTicket <= 1.3.1 Multiple Vulnerabilities
The version of osTicket installed on the remote host suffers from several vulnerabilities, including: - A Local File Include Vulnerability The application fails to sanitize user-supplied input to the 'inc' parameter in the 'view.php' script. An attacker may be able to exploit this flaw to run...
DEBIAN-CVE-2005-1526
PHP remote file inclusion vulnerability in configsettings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the configincludepath parameter...
FusionBB 0.x - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/13939/info FusionBB is affected by multiple vulnerabilities. These issues arise due to a failure of the application to properly sanitize user-supplied input. The following specific vulnerabilities were identified: The application is affected by a local fi...
FusionBB 0.x - Multiple Input Validation Vulnerabilities
FusionBB 0.x - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/13939/info FusionBB is affected by multiple vulnerabilities. These issues arise due to a failure of the application to properly sanitize user-supplied input. The following specific vulnerabilities...
PHP-Nuke 7.x - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/18186/info PHP-Nuke is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing...
[SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=>x
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PostNuke Non Critical SQL Injection and Include 0.760-RC3=x cXIb8O3.10 Author: cXIb8O3Maksymilian Arciemowicz Date: 2.4.2005 from securityreason.com TEAM - --- 0.Description --- PostNuke: The Phoenix Release 0.760-RC3=X PostNuke is an open source, ope...
Yappa-NG Multiple Vulnerabilities
GulfTech Security Research May 11th, 2005 Vendor : Fritz Berger URL : http://sourceforge.net/projects/yappa-ng/ Version : yappa-ng 2.3.1 && Earlier Risk : Multiple Vulnerabilities Description: Yappa-NG is the second generation new and improved version of Yappa yet another php photo album. There a...
osTicket <= 1.2.7 Multiple Vulnerabilities
The version of osTicket installed on the remote host suffers from several vulnerabilities : - A Remote File Include Vulnerability The script 'include/main.php' lets an attacker read arbitrary files on the remote host and possibly even run arbitrary PHP code, subject to the privileges of the web...
SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/13481/info SitePanel2 is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Multiple cross-site scripting issues affect the application. An attacker may...
SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities
SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/13481/info SitePanel2 is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Multiple cross-site...
CVE-2005-0327
pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php...