CVE-2003-0863

CVE-2003-0863 affects PHP 4.3.x: php_check_safe_mode_include_dir returns success (0) when safe_mode_include_dir is not configured, differing from the prior failure and potentially enabling remote file include vulnerabilities in PHP applications. The applicable remediation cited in connected docum...

Simpnews include file Vulnerability

original File name : PUPET-simpnews.txt date releases : july 15, 2003 Informations : ========================= Advisory Name: Simpnews include file Vulnerability Author: PUPET [email protected] Discover by: PUPET [email protected] Website vendor : http://www.boesch-it.de/ Versions : tested on V2.01 -...

PHP-Include-Hack-Possibility in phpforum 2 RC-1

================================================ ------------------------------------------------ ------------www.bright-shadows.net------------ ------------------------------------------------ --------------theblacksheep&erik-------------- ------------------------------------------------...

phpBB 2.0.4 Remote php File Include Exploit

No description provided by source. // / phpBB 2.0.4 Remote AdminStyles.PHP ThemeInfo.CFG File Include / / / / Exploit made on June 2003 by Spoofed Existence / / / / Patch : http://www.phpbb.com/phpBB/viewtopic.php?t=113826 / // include stdio.h include sys/types.h include sys/socket.h include...

compaq.txt

SSI vulnerability in Compaq Web Based Management Agent ====================================================== Type of vulnerabilities: Server Side Include injection. Exploitable. Stack overflows and access violations. Exploitable? Creation of script objects. Exploitable? Affected Software: Compaq...

pMachine (PHP) : Include() Security Hole

Informations : °°°°°°°°°°°°° Language : PHP Version : Free 2.2.1 Website : http://www.pmachine.com Problem : Include Security Hole PHP Code/Location : °°°°°°°°°°°°°°°°°°° This will work if registerglobals is ON OR OFF. /pm/lib.inc.php : ------------------------------------------------------------...

pMachine.txt

Informations : °°°°°°°°°°°°° Language : PHP Version : Free 2.2.1 Website : http://www.pmachine.com Problem : Include Security Hole PHP Code/Location : °°°°°°°°°°°°°°°°°°° This will work if registerglobals is ON OR OFF. /pm/lib.inc.php : ------------------------------------------------------------...

CVE-2003-0224

Buffer overflow in ssinc.dll for Microsoft Internet Information Services IIS 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include SSI directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."...

P-Synch 6.2.5 - Multiple Vulnerabilities

P-Synch 6.2.5 - Multiple Vulnerabilities P-Synch Multiple Vulnerabilities Vendor: M-Tech Identity Management Solutions Product: P-Synch Version: VBScript, JScript etc https://path/to/psynch/nph-psa.exe?css="VBScript, JScript etc File Include Vulnerability:...

S21SEC-016 - Vignette SSI Injection

ID: S21SEC-016-en Title: Vignette SSI Injection Date: 15/03/2003 Status: Vendor contacted and solution available Scope: SSI Execution, In some cases Remote command execution Platforms: All Author: rpinuaga Location: http://www.s21sec.com/es/avisos/s21sec-016-en.txt Release: External S 2 1 S E C...

PHP source code injection in BLNews

Product: BLNews Version: 2.1.3 OffSite: http://www.blnews.de/ Problem: PHP source code injection -------------------------------------------- Vulnerability: ------------admin/objects.inc.php4------------ if $itheme!="blubb" include"$Serverpath/admin/tools.inc.php4";...

PHP source code injection in BLNews

Product: BLNews Version: 2.1.3 OffSite: http://www.blnews.de/ Problem: PHP source code injection -------------------------------------------- Vulnerability: ------------admin/objects.inc.php4------------ if $itheme!="blubb" include"$Serverpath/admin/tools.inc.php4";...

IdeaBox: Remote Command Execution

=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= topic: IdeaBox: Remote Command Execution product: IdeaBox 1.0 vendor: http://ideabox.phpoutsourcing.com risk: high date: 04/25/2k3 discovered by: euronymous /F0KP advisory urls: http://f0kp.iplus.ru/bz/022.en.txt http://f0kp.iplus.ru/bz/022.ru.tx...

Immunity Canvas: GALLERY1_INCLUDE

Name| gallery1include ---|--- CVE| CVE-2002-1412 Exploit Pack| CANVAS Description| Gallery 1.2.5 = Remote File Include Notes| CVSS: 7.5 Repeatability: Infinite VENDOR: GNU CVE Url: https://vulners.com/cve/CVE-2002-1412 CVE Name: CVE-2002-1412...

PHPSysInfo 2.0/2.1 - 'index.php' LNG File Disclosure

source: https://www.securityfocus.com/bid/7286/info PHPSysInfo has been reported to be vulnerable to a file disclosure issue. Local users may be capable of influencing the include path for PHPSysinfo language include files. If the malicious language file is symlinked to a web server readable file...

PHPSysInfo 2.02.1 - index.php LNG File Disclosure

PHPSysInfo 2.02.1 - index.php LNG File Disclosure source: https://www.securityfocus.com/bid/7286/info PHPSysInfo has been reported to be vulnerable to a file disclosure issue. Local users may be capable of influencing the include path for PHPSysinfo language include files. If the malicious langua...

CVE-2002-0149

Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names...

CVE-2002-0149

CVE-2002-0149 concerns a buffer overflow in the IIS ASP Server-Side Include (SSI) processing when handling long file names. The issue affects Microsoft IIS 4.0, 5.0 and 5.1, and can allow a remote attacker to crash the server or potentially execute arbitrary code via crafted SSI inputs. Multiple ...

CuteNews Multiple Script cutepath Parameter Arbitrary Command Execution

The version of CuteNews installed on the remote host fails to sanitize input to the 'cutepath' parameter before using it in various scripts to include PHP code. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server...

cPanel 5.0 - Openwebmail Local Privilege Escalation

cPanel 5.0 - Openwebmail Local Privilege Escalation source: https://www.securityfocus.com/bid/6885/info It has been reported that cPanels' openwebmail package, distributed as part of the cPanel CGI application, is vulnerable to an external file include vulnerability. Exploitation of this issue ma...