8834 matches found
SysCP < 1.2.11 Multiple Script Command Execution Vulnerabilities
The remote host is running SysCP, an open source control panel written in PHP. The version of SysCP installed on the remote host uses user-supplied input to several variables in various scripts without sanitizing it. Provided PHP's 'register_globals' setting is enabled, an attacker can exploit the...
SysCP 1.2.x - Multiple Script Execution Vulnerabilities
SysCP 1.2.x - Multiple Script Execution Vulnerabilities source: https://www.securityfocus.com/bid/14490/info SysCP is affected by multiple script execution vulnerabilities. The following specific vulnerabilities were identified: The application is affected by a remote file include vulnerability. ...
SysCP 1.2.x - Multiple Script Execution Vulnerabilities
source: https://www.securityfocus.com/bid/14490/info SysCP is affected by multiple script execution vulnerabilities. The following specific vulnerabilities were identified: The application is affected by a remote file include vulnerability. An attacker can include remote script code and execute i...
yappang231.txt
GulfTech Security Research May 11th, 2005 Vendor : Fritz Berger URL : http://sourceforge.net/projects/yappa-ng/ Version : yappa-ng 2.3.1 && Earlier Risk : Multiple Vulnerabilities Description: Yappa-NG is the second generation new and improved version of Yappa yet another php photo album. There a...
Simplicity oF Upload download.php language Parameter Local File Inclusion
The remote host is running Simplicity oF Upload, a free PHP script to manage file uploads. The version of Simplicity oF Upload installed on the remote host fails to sanitize user-supplied input to the 'language' parameter of the 'download.php' script. By leveraging this flaw, an attacker may be...
apa-include.txt
Atomic Photo Album APA apaphpinclude.inc.php remote file include : ------------------------------------------------------------ Name: Atomic Photo Album APA Version: all Homepage: http://atomicpa.sourceforge.net/ Author: pclabs / lwdz - RandomHero Date: 20 July 2005...
CVE-2005-2319
CVE-2005-2319 describes a PHP remote file include vulnerability in the Yawp library (version 1.0.6 and earlier) as used in YaWiki and potentially other products. The issue allows attackers to include arbitrary files via the parameter _Yawp[conf_path] . Affected software: Yawp library 1.0.6 and ol...
CVE-2005-2319
PHP remote file include vulnerability in Yawp library 1.0.6 and earlier, as used in YaWiki and possibly other products, allows remote attackers to include arbitrary files via the _Yawp[conf_path] parameter...
CVE-2002-2065
WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root...
CVE-2002-2065
WebCalendar 0.9.34 and earlier is affected by an insecure include-file access vulnerability. When the product is built with “browsing in includes directory” enabled, remote attackers can read arbitrary .inc files from the web root. Root cause: insecure include-path handling allows reading local i...
sitepanel2.txt
GulfTech Security Research May 3rd, 2005 Vendor : Morgan Harvey URL : http://www.sitepanel2.com/ Version : 2.6.1 And Earlier Risk : Multiple Vulnerabilities Description: SitePanel2 is a helpdesk / trouble ticket / support system used by businesses and individuals alike. There are a number of...
Advisory 10/2005: Yawp/YaWiki Remote URL Include Vulnerability
Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Yawp/YaWiki Remote URL Include Vulnerability Release Date: 2005/07/12 Last Modified: 2005/07/12 Author: Stefan Esser Application: Yawp <= 1.0.6 Severity...
phpSecurePages cfgProgDir Variable File Include Vulnerabilities
The remote host is running phpSecurePages, a PHP module used to secure pages with a login name / password. The installed version of phpSecurePages allows remote attackers to control the 'cfgProgDir' variable used when including PHP code in several of the application's scripts. By leveraging this...
osTicket < 1.3.1 Multiple Vulnerabilities
Binary data 3046.prm...
MyGuestbook 0.6.1 - Form.Inc.php3 Remote File Inclusion
MyGuestbook 0.6.1 - Form.Inc.php3 Remote File Inclusion source: https://www.securityfocus.com/bid/14155/info MyGuestbook is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue...
osTicket <= 1.3.1 Multiple Vulnerabilities
The version of osTicket installed on the remote host suffers from several vulnerabilities, including: - A Local File Include Vulnerability The application fails to sanitize user-supplied input to the 'inc' parameter in the 'view.php' script. An attacker may be able to exploit this flaw to run...
DEBIAN-CVE-2005-1526
PHP remote file inclusion vulnerability in configsettings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the configincludepath parameter...
FusionBB 0.x - Multiple Input Validation Vulnerabilities
FusionBB 0.x - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/13939/info FusionBB is affected by multiple vulnerabilities. These issues arise due to a failure of the application to properly sanitize user-supplied input. The following specific vulnerabilities...
FusionBB 0.x - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/13939/info FusionBB is affected by multiple vulnerabilities. These issues arise due to a failure of the application to properly sanitize user-supplied input. The following specific vulnerabilities were identified: The application is affected by a local fi...