Lucene search

727 matches found

securityvulns
added 2006/05/09 12:0 a.m. · 29 views

PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities

!/usr/bin/php -q -d shortopentag=on ? echo "PHPFusion = v6.00.306 avatar modmime arbitrary file upload &rn"; echo "local inclusion vulnerabilitiesrn"; echo "by rgod [email protected]"; echo "site: http://retrogod.altervista.orgrnrn"; if $argc6 echo "Usage: php ".$argv0." host path user pass cm...

Exploits: 0

Tenable Nessus
added 2006/05/03 12:0 a.m. · 35 views

Invision Power Board 2.x.x < 04-25-06 Multiple Vulnerabilities

The installation of Invision Power Board on the remote host fails to sanitize input to the 'ck' parameter of the 'index.php' script before using it in database queries. An unauthenticated attacker may be able to leverage this issue to disclose sensitive information, modify data, or launch attacks...

6.4 CVSS · 5.4 AI score · 0.07853 EPSS
Exploits: 0 · References: 5

Prion
added 2006/04/27 11:2 p.m. · 16 views

Sql injection

SQL injection vulnerability in portfoliophotopopup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the countclick function in includes/functions/fnsstd.php. NOTE: this issue could...

6.8 CVSS · 9.1 AI score · 0.01705 EPSS
Exploits: 1 · References: 9 · Affected Software: 1

Cvelist
added 2006/04/27 11:0 p.m. · 15 views

CVE-2006-2080

SQL injection vulnerability in portfoliophotopopup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the countclick function in includes/functions/fnsstd.php. NOTE: this issue could...

8.3 AI score · 0.01705 EPSS
Exploits: 1 · References: 9

NVD
added 2006/04/17 10:2 a.m. · 24 views

CVE-2006-1794

SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter...

7.6 CVSS · 8.2 AI score · 0.05527 EPSS
Exploits: 3 · References: 9

Prion
added 2006/04/17 10:2 a.m. · 25 views

Sql injection

SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter...

7.6 CVSS · 8.5 AI score · 0.05527 EPSS
Exploits: 3 · References: 9 · Affected Software: 1

Positive Technologies
added 2006/04/10 12:0 a.m. · 5 views

PT-2006-2671 · Maxdev · Maxdev Md-Pro

Name of the Vulnerable Software and Affected Versions: MAXdev MDPro versions prior to 1.076 Description: The issue allows remote attackers to obtain the full path of the server via a direct request to "includes/legacy.php". Recommendations: For versions prior to 1.076, consider restricting access...

6.4 CVSS · 6.6 AI score · 0.01491 EPSS
Exploits: 0 · References: 8

CVE
added 2006/04/04 10:0 a.m. · 110 views

CVE-2006-1602

CVE-2006-1602 describes a PHP remote file inclusion in includes/functions_common.php within the VWar Account module (vWar_Account) of PHPNuke Clan 3.0.1. The vulnerability allows remote attackers to include arbitrary files via a URL supplied to the vwar_root2 parameter. The issue is scoped to the...

7.5 CVSS · 6.6 AI score · 0.01838 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

OpenVAS
added 2006/03/26 12:0 a.m. · 27 views

The Includer remote command execution flaw

The remote web server contains a PHP script that is affected by a remote code execution vulnerability. The remote host is running The Includer, a PHP script for emulating server-side includes. The version of The Includer installed on the remote host allows an attacker to execute arbitrary shell...

7.5 CVSS · 0.8 AI score · 0.09906 EPSS
Exploits: 1 · References: 2

CVE
added 2006/03/09 11:0 a.m. · 40 views

CVE-2006-1104

Pixelpost

7.5 CVSS · 8.5 AI score · 0.01477 EPSS
Exploits: 1 · References: 7 · Affected Software: 1

exploitpack
added 2006/03/07 12:0 a.m. · 11 views

LoudBlog 0.41 - index.php?template Traversal Arbitrary File Access

LoudBlog 0.41 - index.php?template Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure...

Exploits: 0

OSV
added 2006/03/03 11:2 a.m. · 1 views

DEBIAN-CVE-2006-0986

WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ directory; and (7) edit-form-advanced.php, (8)...

5 CVSS · 6.6 AI score · 0.03206 EPSS
Exploits: 1 · References: 1

OSV
added 2006/03/03 11:2 a.m. · 10 views

CVE-2006-0986

WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ directory; and (7) edit-form-advanced.php, (8)...

4.9 AI score
Exploits: 0 · References: 8

Prion
added 2006/03/03 11:2 a.m. · 29 views

Directory traversal

WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ directory; and (7) edit-form-advanced.php, (8)...

5 CVSS · 6 AI score · 0.03308 EPSS
Exploits: 2 · References: 6 · Affected Software: 1

CVE
added 2006/02/15 11:0 a.m. · 48 views

CVE-2006-0697

Zen Cart before 1.2.7 is affected by CVE-2006-0697 due to insufficient protection of the admin/includes directory. The vulnerability, described in the NVD entry, allows remote attackers to trigger unknown impact via unspecified vectors (likely direct requests) with a CVSS v2 base score of 10.0 (H...

10 CVSS · 6.8 AI score · 0.05237 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

securityvulns
added 2006/01/31 12:0 a.m. · 27 views

Etomite CMS "Backdoored"

/ Package: Etomite Content Management System Auth: http://www.etomite.org/ Versions: 0.6 / previous versions may also be backdoored Vulnerability Type: Remote Code Execution / Disclaimer: --------- The information is provided "as is" without warranty of any kind. The author of this issue shall no...

1.8 AI score
Exploits: 0

securityvulns
added 2006/01/28 12:0 a.m. · 33 views

Vulnerability in Randshop <V1_1

Hello, vuln. Sorry for any errors and inaccuracies in the descriptions, I have never written one before. Of what I found myself, the hole has already been closed, after 2 weeks of correspondence and convincing them that the holes do exist. In randshop v11 and below: multiple PHP includes http://host/admin/zahlungsart/index.php?dateiPfad...

7.2 AI score
Exploits: 0

exploitpack
added 2005/12/30 12:0 a.m. · 24 views

CubeCart 3.0.6 - Remote Command Execution

CubeCart 3.0.6 - Remote Command Execution !/usr/bin/perl cijfer-ccxpl - CubeCart All rights reserved. 1. example cijfer@kalma:/research$ perl ./cijfer-ccxpl.pl -h www.xxx.com -d [email protected] /$ id;uname -a uid=48apache gid=48apache groups=48apache,2523psaserv Linux server.xxx.com...

7.7 AI score
Exploits: 0

NVD
added 2005/12/05 12:3 a.m. · 14 views

CVE-2005-3997

Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/bannerdaily.php, (2) graphs/bannerinfobox.php, (3) graphs/banneryearly.php, (4) graphs/bannermonthly.ph...

2.6 CVSS · 6.3 AI score · 0.01976 EPSS
Exploits: 0 · References: 15

OpenVAS
added 2005/11/03 12:0 a.m. · 22 views

vBulletin Init.PHP unspecified vulnerability

The remote host is running vBulletin, a web based bulletin board system written in PHP. The remote version of this software is vulnerable to an unspecified issue. It is reported that versions 3.0.0 through to 3.0.4 are prone to a security flaw in 'includes/init.php'. Successful exploitation...

0.2 AI score
Exploits: 0 · References: 1