2154 matches found
CVE-2006-4327
CVE-2006-4327 concerns CloudNine Interactive Links Manager (version 2006-06-12). The vulnerability is a cross-site scripting (XSS) flaw in add_url.php, where the parameters title, description, and keywords are not properly sanitized, allowing remote attackers to inject arbitrary web script or HTM...
CVE-2006-4328
CloudNine Interactive Links Manager 2006-06-12 is affected by an SQL injection in admin.php via the nick parameter when magic_quotes_gpc is off. The vulnerability allows remote attackers to execute arbitrary SQL commands, as documented in multiple sources (eVuln/SECURITYVULNS entries). The issue ...
CVE-2006-4327
Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in CloudNine Interactive Links Manager 2006-06-12 allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, or (3) keywords parameters...
CVE-2006-4328
SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter...
outpostPwn.txt
Hi, all currently available "Outpost Firewall" versions do have severe vulnerabilities, every local user is able to run programs under the very high privileged LocalSystem account. Steps to reproduce: 1. create an empty text file e.g. "empty.txt" 2. create a batch file which will open a command...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin...
Remote file inclusion
PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter...
CVE-2006-2744
PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter...
CVE-2006-2745
Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin...
CVE-2006-2745
CVE-2006-2745 describes multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier when register_globals is enabled. An attacker can cause arbitrary PHP code execution by specifying a URL in (1) the pathfile parameter of (a) p-editpage.php and (b) p-editbox.php...
CVE-2006-2746
The vulnerability is in F@cile Interactive Web 0.8.5 and earlier, where multiple XSS flaws exist. Specifically, the application accepts user-supplied input through (1) lang in index.php and (2) mytheme and (3) myskin in various p-themes’ index.inc.php files (including lowgraphic, classic, puzzle,...
CVE-2006-2746
Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including c...
CVE-2006-2744
CVE-2006-2744 affects F@cile Interactive Web versions 0.8.41–0.8.5. The vulnerability is a PHP remote file inclusion via the l parameter in p-popupgallery.php, allowing remote code execution. Affected component is the PHP code path handling URL input; exploitation would grant an attacker remote P...
Advisory: F@cile Interactive Web <= 0.8x Multiple Remote Vulnerabilities.
--Security Report-- Advisory: F@cile Interactive Web <= 0.8x Multiple Remote Vulnerabilities. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 27/05/06 05:57 PM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: Facile...
F@cile Interactive Web 0.8x - Remote File Inclusion Cross-Site Scripting
F@cile Interactive Web 0.8x - Remote File Inclusion Cross-Site Scripting F@cile Interactive Web ICQ: 10072 MSN/Mail: [email protected] web: www.nukedx.com This exploit works on F@cile Interactive Web <= 0.8x Original advisory can be found at: http://www.nukedx.com/?viewdoc=35 File Inclusion...
F@cile Interactive Web <= 0.8x Remote (Include / XSS) Vulnerabilities
Exploit for unknown platform in category web applications. F@cile Interactive Web <= 0.8x Remote Include / XSS Vulnerabilities. email protected...
F@cile Interactive Web 0.8x - Remote File Inclusion / Cross-Site Scripting
F@cile Interactive Web ICQ: 10072 MSN/Mail: [email protected] web: www.nukedx.com This exploit works on F@cile Interactive Web <= 0.8x Original advisory can be found at: http://www.nukedx.com/?viewdoc=35 File Inclusion Vulnerabilities...
Internet Explorer DHTML object vulnerability
Added: 04/25/2006. CVE: CVE-2005-0553. BID: 13120. OSVDB: 15465. Background: Dynamic HTML (DHTML) allows the creation of interactive web pages. Problem: Race conditions in various DHTML methods could allow command execution when a specially crafted web page is loaded in Internet Explorer. Resolution: Appl...