8787 matches found
security flaw
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system...
CubeCart < 2.0.5 Multiple Vulnerabilities
The version of CubeCart on the remote host is vulnerable to a local file include issue, along with related cross-site scripting and path disclosure issues, due to a failure to sanitize user-supplied data. Successful exploitation of this issue may allow an attacker to execute arbitrary code on the...
pmachineExec.txt
This is a multi-part message in MIME format. ------=NextPart000000001C516AC.9C269F50 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit pMachine Pro / pMachine Free Remote Code Execution vendor website: http://www.pmachine.com I. BACKGROUND PMachine is one of the most...
Mambo Content Server Detection Global Variables Overwrite
Binary data 2638.prm...
phpmyadmin -- arbitrary file include and XSS vulnerabilities
A phpMyAdmin security announcement reports: We received two bug reports by Maksymilian Arciemowicz about those vulnerabilities and we wish to thank him for his work. The vulnerabilities apply to those points: css/phpmyadmin.css.php was vulnerable against $cfg and GLOBALS variable injections. This...
[Full-Disclosure] pMachine Pro / pMachine Free Remote Code Execution
pMachine Pro / pMachine Free Remote Code Execution vendor website: http://www.pmachine.com I. BACKGROUND PMachine is one of the most flexible & creative on-line publishing tools available. With PMachine you can publish any kind of web content - from a basic weblog to an advanced, interactive...
ss11012005.txt
/ / / \ / / / / / \ \ \ \ / / / / / \ / / // / / / / / / / / / // // / / / // / / / / // , / // / /// // //// // ,/ // / // \ / / / // / / // / /// , / // Ref: SS11012005 SYSTEMSECURE.ORG - Advisory/Exploit PUBLIC ADVISORY Software: MPM Guestbook Pro 1.05 maybe all versions Link:...
phpcalendar.txt
GulfTech Security Research December 28th, 2004 Vendor : Sean Proctor URL : http://php-calendar.sourceforge.net/ Version : All Versions Risk : File Include Vulnerability Description: I was searching for a decent calendar which my group at school could use to keep track of events, etc. We were...
WHM-autopilot.txt
GulfTech Security Research December 28th, 2004 Vendor : Benchmark Designs, LLC URL : http://www.whmautopilot.com/ Version : WHM AutoPilot v2.4.6.5 && Others All Versions Risk : Multiple Vulnerabilities Description: Started by a webhost looking for more out of a simple managment script, Brandee...
CVE-2004-2341
PHP file include injection vulnerability in isearch.inc.php for iSearch allows remote attackers to execute arbitrary code via the isearchpath parameter...
DEBIAN-CVE-2004-2541
Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long include line that is later browsed by the target...
e107.pl.txt
| | | | | | |/ \ \ /\ / / | | | | \ V V / || ||/ // Security Group. -= e107 remote sploit =- by sysbug Attack method: with this sploit u can send an include vuln to a Host victim the upload go to /images/evil.php C:\Perl\binperl sploit.pl www.site.com -= e107 remote sploit =- by sysbug...
php-Calendar File Include Vulnerability [ Command Exec ]
GulfTech Security Research December 28th, 2004 Vendor : Sean Proctor URL : http://php-calendar.sourceforge.net/ Version : All Versions Risk : File Include Vulnerability Description: I was searching for a decent calendar which my group at school could use to keep track of events, etc. We were...
Multiple WHM Autopilot Vulnerabilities
GulfTech Security Research December 28th, 2004 Vendor : Benchmark Designs, LLC URL : http://www.whmautopilot.com/ Version : WHM AutoPilot v2.4.6.5 && Others All Versions Risk : Multiple Vulnerabilities Description: Started by a webhost looking for more out of a simple managment script, Brandee...
e107 include() Remote Exploit
No description provided by source. | | | | | | |/ \ \ /\ / / | | | | \ V V / || ||/ // Security Group. -= e107 remote sploit =- by sysbug Attack method: with this sploit u can send an include vuln to a Host victim the upload go to /images/evil.php C:\Perl\binperl sploit.pl www.site.com -= e107...
Apache Httpd < 1.3.33 : mod_include overflow
A buffer overflow in modinclude could allow a local user who is authorised to create server side include SSI files to gain the privileges of a httpd child...
PT-2004-1967 · Apache · Apache +1
Name of the Vulnerable Software and Affected Versions: Apache versions 1.3.x through 1.3.32 Description: The issue is related to a buffer overflow in the get tag function in mod include, which allows local users who can create SSI documents to execute arbitrary code as the apache user. This can b...
CoolPHP 1.0 - Multiple Remote Input Validation Vulnerabilities
CoolPHP 1.0 - Multiple Remote Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/11437/info Reportedly CoolPHP is affected by multiple remote input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input pri...
CoolPHP 1.0 - Multiple Remote Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/11437/info Reportedly CoolPHP is affected by multiple remote input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input prior to using it to make critical actions. An attacker can levera...
PHPLinks 2.1.x - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/11329/info PHPLinks is reported prone to multiple input validation vulnerabilities. A file include vulnerability is reported to affect the 'index.php' script. This may allow an attacker to include and execute arbitrary PHP scripts. Code execution will occ...