XOOPS 2.3.1 Multiple Local File Inclusion Vulnerabilities

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-040 Application: XOOPS Versions Affected: 2.3.1 Vendor URL: http://www.xoops.org/ Bug: Multiple Local File Include Exploits: YES Reported: 10.11.2008 Vendor response: 10.11.2008 Solution: YES Date of Publ...

XOOPS 2.3.1 Local File Inclusions

Digital Security Research Group DSecRG Advisory DSECRG-08-040 Application: XOOPS Versions Affected: 2.3.1 Vendor URL: http://www.xoops.org/ Bug: Multiple Local File Include Exploits: YES Reported: 10.11.2008 Vendor response: 10.11.2008 Solution: YES Date of Public Advisory: 08.12.2008 Authors:...

XOOPS 2.3.1 - Multiple Local File Inclusions

XOOPS 2.3.1 - Multiple Local File Inclusions Digital Security Research Group DSecRG Advisory DSECRG-08-040 Application: XOOPS Versions Affected: 2.3.1 Vendor URL: http://www.xoops.org/ Bug: Multiple Local File Include Exploits: YES Reported: 10.11.2008 Vendor response: 10.11.2008 Solution: YES Da...

XOOPS 2.3.1 - Multiple Local File Inclusions

Digital Security Research Group DSecRG Advisory DSECRG-08-040 Application: XOOPS Versions Affected: 2.3.1 Vendor URL: http://www.xoops.org/ Bug: Multiple Local File Include Exploits: YES Reported: 10.11.2008 Vendor response: 10.11.2008 Solution: YES Date of Public Advisory: 08.12.2008 Authors:...

NPDS < 08.06 - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/33051/info NPDS is prone to multiple input-validation vulnerabilities: - Multiple local file-include vulnerabilities - An HTML-injection vulnerability - Multiple SQL-injection vulnerabilities - Multiple cross-site scripting vulnerabilities Exploiting thes...

Fantastico - index.php Local File Inclusion

Fantastico - index.php Local File Inclusion source: https://www.securityfocus.com/bid/32578/info Fantastico is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts ...

Pluck CMS 4.5.3 (g_pcltar_lib_dir) Local File Inclusion Vulnerability

No description provided by source. Hello, bugtraq. Digital Security Research Group DSecRG Advisory DSECRG-08-039 Application: Pluck CMS Versions Affected: 4.5.3 Vendor URL: http://www.pluck-cms.org/ Bug: Local File Include Exploits: YES Reported: 25.08.2008 Vendor Response: 30.08.2008 Solution: Y...

[DSECRG-08-039] Local File Include Vulnerability in Pluck CMS 4.5.3

Hello, bugtraq. Digital Security Research Group DSecRG Advisory DSECRG-08-039 Application: Pluck CMS Versions Affected: 4.5.3 Vendor URL: http://www.pluck-cms.org/ Bug: Local File Include Exploits: YES Reported: 25.08.2008 Vendor Response: 30.08.2008 Solution: YES Date of Public Advisory:...

DSECRG-08-039.txt

Hello, bugtraq. Digital Security Research Group DSecRG Advisory DSECRG-08-039 Application: Pluck CMS Versions Affected: 4.5.3 Vendor URL: http://www.pluck-cms.org/ Bug: Local File Include Exploits: YES Reported: 25.08.2008 Vendor Response: 30.08.2008 Solution: YES Date of Public Advisory:...

Pluck CMS 4.5.3 (g_pcltar_lib_dir) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ===================================================================== Pluck CMS 4.5.3 gpcltarlibdir Local File Inclusion Vulnerability ===================================================================== Hello, bugtraq. Digital Security...

phpfan-rfi.txt

remote file include script: phpfan 3.3.4 download from:http://ishallnotcare.org/mint/pepper/tillkruess/downloads/tracker.php?url=http%3A//scriptsextra.ishallnotcare.org/phpfanbasic334.zip ............................................................................ vul: includeonce $includepath...

Pluck CMS 4.5.3 - g_pcltar_lib_dir Local File Inclusion

Pluck CMS 4.5.3 - gpcltarlibdir Local File Inclusion Hello, bugtraq. Digital Security Research Group DSecRG Advisory DSECRG-08-039 Application: Pluck CMS Versions Affected: 4.5.3 Vendor URL: http://www.pluck-cms.org/ Bug: Local File Include Exploits: YES Reported: 25.08.2008 Vendor Response:...

Pluck CMS 4.5.3 - 'g_pcltar_lib_dir' Local File Inclusion

Hello, bugtraq. Digital Security Research Group DSecRG Advisory DSECRG-08-039 Application: Pluck CMS Versions Affected: 4.5.3 Vendor URL: http://www.pluck-cms.org/ Bug: Local File Include Exploits: YES Reported: 25.08.2008 Vendor Response: 30.08.2008 Solution: YES Date of Public Advisory:...

Immunity Canvas: JOOMLARSS_RFI

Name| joomlarssrfi ---|--- CVE| CVE-2008-5053 Exploit Pack| CANVAS Description| Joomla Simple RSS Reader Remote File Include Notes| CVSS: 10.0 Repeatability: Infinite VENDOR: Joomla CVE Url: https://vulners.com/cve/CVE-2008-5053 CVE Name: CVE-2008-5053...

bcoos 1.0.13 Remote File Include Vulnerability

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + bcoos 1.0.13 Remote File Include Vulnerability + + + + Discovered by DeltahackingTEAM + + + + WwW.DeltaHacking.Net + + + + + + + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ AUTHOR :...

Confluence administrators (who are not necessarily sys admins) can configure whitelist

A user who has the "Confluence Administrator" permission, but not necessarily the "System Administrator" permission, can configure the new URL whitelist for the HTML-include and RSS macros. Is this good enough, from a security point of view?...

bcoos-rfi.txt

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + bcoos 1.0.13 Remote File Include Vulnerability + + + + Discovered by DeltahackingTEAM + + + + WwW.DeltaHacking.Net + + + + + + + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ AUTHOR :...

phpGroupWare远程执行命令漏洞

由于它不正确的调用了include函数，可能允许包含远程的恶意文件，并导致 在受影响主机上执行任意命令。（以web server运行权限，通常是'nobody'） 由于phpGroupWare的库包含文件放在浏览器可访问的目录下，因此攻击者可以 直接调用这些包含文件，由于其中的一个包含文件phpgw.inc.php是用include 函数时是通过变量完成的，用户可以通过Web接口定义这个变量的内容，导致 远程主机上的文件可以被包含进来。如果攻击者设置一个有效的php文件，就 可能在受攻击的主机上执行任意命令。 有问题的代码部分，如下： include$phpgwinfo server...

MiniBB PathToFiles Parameter Remote File Include Vulnerability

The remote web server contains a PHP script that is affected by a remote file include issue. Description: The remote web server is running MiniBB, an open source forum software. The version of MiniBB installed on the remote host fails to sanitize input to the 'pathToFiles' parameter before using ...

Monster Top List Remote File Include

The remote web server contains a PHP application that is affected by a remote file include vulnerability. Description : The remote host is running Monster Top List, a site rating script written in PHP. The installed version of Monster Top List fails to sanitize user input to the 'rootpath'...