vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting
source: https://www.securityfocus.com/bid/15562/info vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vTiger CRM is prone to multiple SQL injection, HTML injection, cross-site scripting...
CVE-2004-2541
Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long include line that is later browsed by the target...
Mambo Open Source / Joomla! GLOBALS Variable Remote File Include
The version of Mambo Open Source or Joomla! running on the remote host is affected by a remote file include vulnerability due to allowing the GLOBALS variable array to be overwritten whenever the PHP 'register_globals' setting is disabled. An unauthenticated, remote attacker can exploit this...
XOOPS xoopsConfig[language] Parameter Local File Inclusion (XOOPS_WFd205_xpl)
The remote installation of XOOPS fails to sanitize user-supplied input to the 'xoopsConfig[language]' parameter of several xoopseditor scripts before using it in PHP 'include' functions. An unauthenticated attacker may be able to leverage these issues to read arbitrary local files and even execute...
CodeGrrl Applications Remote File Inclusion Vulnerabilities
The remote host appears to be running at least one of the PHP applications from CodeGrrl - PHPCalendar, PHPClique, PHPFanBase, or PHPQuotes. Under certain conditions, these applications fail to sanitize input to the 'siteurl' parameter of the 'protection.php' script before using it in a PHP...
PHPWCMS 1.2.5 -DEV - login.php?form_lang Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/15436/info phpWCMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issu...
PHPWCMS 1.2.5 -DEV - 'login.php?form_lang' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/15436/info phpWCMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to obtain sensitive information that may help with further attacks on...
PHPWCMS 1.2.5 -DEV - imgdir Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/15436/info phpWCMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to obtain...
iCMS Remote File Include Vulnerability
iCMS Remote File Include Vulnerability Author: r0t hackers.by.lv Date: 14. nov 2005 software:iCMS vendor:http://www.cogilent.com/ software description: iCMS is an interactive Web Content Management System. The purpose of this product is to facilitate organizations that require power solutions to...
PCCS-Mysql User/Password Exposure
It is possible to read the include file of PCCS-Mysql, dbconnect.inc on the remote server. This include file contains information such as the username and password used to connect to the database. OpenVAS Vulnerability Test $Id: pccsmysqladm.nasl 8023 2017-12-07 08:36:26Z teissa $ Description:...
PhpGroupWare unspecified remote file include vulnerability
The remote host seems to be running PhpGroupWare, a multi-user groupware suite written in PHP. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
BlackBoard Internet Newsboard System remote file include flaw
The remote version of BlackBoard Internet Newsboard System is vulnerable to a remote file include flaw due to a lack of sanitization of user-supplied data. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
Calendarix Advanced <= 1.5 Multiple Vulnerabilities - Active Check
Calendarix is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2005 Josh Zlatin-Amishav Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2005-3332
PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via the match parameter...
CVE-2005-3332
Vulnerability (CVE-2005-3332) in Belchior Foundry’s vCard 2.9: PHP remote file include in admin/define.inc.php allows an attacker to execute arbitrary PHP code via the match parameter. Multiple sources (NVD, Red Hat advisory, Nessus plugin) corroborate the flaw and impact. Affected software is th...
ATutor 1.x - print.php?section Remote File Inclusion
source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks. ATuto...
ATutor 1.x - 'forum.inc.php' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks. ATutor 1.5.1-pl1 and prior versions are affected...
CVE-2005-3294
Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service crash by sending multiple RETR commands. NOTE: it was later reported that 1.10 is also affected...
CVE-2005-3294
CVE-2005-3294 affects TYPSoft FTP Server 1.11 (and 1.10) with Sub Directory Include enabled, enabling remote DoS by sending multiple RETR commands that crash the server. Descriptions across CVE/NVD and multiple advisories/exploits confirm RETR-based denial of service; no remediation/patch details...