E-Guest 1.1 - Server Side Include Arbitrary Command Execution

E-Guest 1.1 - Server Side Include Arbitrary Command Execution source: https://www.securityfocus.com/bid/5129/info E-Guest guest book is a freely available, open source guest book. It is designed for Unix and Linux operating systems. E-Guest does not adequately sanitize user-supplied input in gues...

ZeroBoard 4.1 - PHP Include File Arbitrary Command Execution

ZeroBoard 4.1 - PHP Include File Arbitrary Command Execution source: https://www.securityfocus.com/bid/5028/info Zeroboard is a PHP web board package available for the Linux and Unix platforms. Under some circumstances, it may be possible to include arbitrary PHP files. The head.php file does not...

MakeBook 2.2 - Form Field Input Validation

MakeBook 2.2 - Form Field Input Validation source: https://www.securityfocus.com/bid/4996/info The MakeBook guestbook software does not sufficiently sanitize potentially dangerous characters from form field input. This may enable attackers to inject arbitrary HTML into form fields, which will be...

CVE-2001-1054

The CVE-2001-1054 vulnerability affects PHPAdsNew, allowing a remote attacker to include arbitrary PHP files hosted on third‑party servers via an HTTP request that sets the includedir variable. This constitutes a Remote File Inclusion flaw in the PHPAdsNew helperfunction.php context, enabling arb...

Abe Timmerman - zml.cgi File Disclosure

Abe Timmerman - zml.cgi File Disclosure source: https://www.securityfocus.com/bid/3759/info zml.cgi is a perl script which can be used to support server side include directives under Apache. It recognizes a simple set of commands, and allows access to cgi parameters and environment variables. It...

Обратный петь в директории PHPNuke/Gallery (directory traversal)

Обрытный путь в параметре include PHP-скрипта modules.php...

NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow Vulnerability

NSFOCUS Security AdvisorySA2001-06 Topic: Microsoft IIS ssinc.dll Buffer Overflow Vulnerability Release DateЈє 2001-08-17 CVE CAN ID : CAN-2001-0506 BUGTRAQ ID : 3190 Affected system: ================ - Microsoft IIS 4.0 - Microsoft IIS 5.0 Impact: ========= NSFOCUS Security Team has found a buff...

Basilix Webmail 1.0 - File Disclosure

Basilix Webmail 1.0 - File Disclosure source: https://www.securityfocus.com/bid/2995/info Basilix is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support. During operation, Basilix opens a PHP include file using a variable as...

Basilix Webmail 1.0 - File Disclosure

source: https://www.securityfocus.com/bid/2995/info Basilix is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support. During operation, Basilix opens a PHP include file using a variable as the filename that can be supplied...

(SRADV00010) Remote command execution vulnerabilities in SquirrelMail

================================================= Secure Reality Pty Ltd. Security Advisory 10 SRADV00010 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in SquirrelMail Released 2/7/2001 Vulnerable Versions up to an...

CVE-2001-0043

phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgwinfo parameter of the phpgw.inc.php program...

SRADV00006.txt

================================================= Secure Reality Pty Ltd. Security Advisory 6 SRADV00006 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in phpGroupWare Released 6/11/2000 Vulnerable Versions below...

ssibug

ssi server sides include is a cgi proggie that comes by default with thttpd web server, I am not sure about others. ssi has a nasty bug with regards to the PATHTRANSLATED env var. As you can see the contents of PATHTRANSLATED get copied into pathtranslated which get's fopen'ed later. It does no...

CVE-1999-0561

CVE-1999-0561 affects IIS where the #exec function is enabled for Server Side Include (SSI) files. The root cause is the SSI #exec handling, enabling potential command execution. Affected product: IIS; vulnerability details and exploitation status are not fully provided in the supplied documents....

CVE-1999-0561

IIS has the exec function enabled for Server Side Include SSI files...

The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include

The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Matt Wright...

CVE-1999-0561

IIS has the exec function enabled for Server Side Include SSI files...

PT-1996-1019 · Sendmail · Sendmail

Name of the Vulnerable Software and Affected Versions: Sendmail affected versions not specified Description: The issue allows local users to write to a file and gain group permissions via a .forward or :include: file. Recommendations: At the moment, there is no information about a newer version...