1444 matches found
PBLang login.php lang Parameter Local File Inclusion
The remote host is running PBLang, a bulletin board system that uses flat files and is written in PHP. The version of PBLang installed on the remote host fails to sanitize user input to the 'lang' parameter before using it to include PHP code in 'login.php'. Regardless of PHP's 'register_globals'...
CVE-2007-3096
Directory traversal vulnerability in login.php in PBLang PBL 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter...
Directory traversal
Directory traversal vulnerability in login.php in PBLang PBL 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter...
CVE-2007-0690
myEvent 1.6 allows remote attackers to obtain sensitive information via (1) a Log In action without a password to login.php, or an invalid (2) view or (3) monthno parameter to myevent.php, which reveals the path in various error messages...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files...
CVE-2007-2914
Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files...
flap-rfi.txt
FlaP v.1.0. Beta / RFI CODE BUG2: Example1:http://victim.com/path/login.php?pachtofile=Sh3LL Script Script Download http://scripts.protoplex.ru/scriptsshow/1854.html Cyber-Security...
RedLevel Advisory #017 - PsychoStats v3.0.6b Multiple Cross-Site Scripting Vulnerabilities
PsychoStats v3.0.6b Multiple Cross-Site Scripting Vulnerabilities PsychoStats contains multiple cross-site scripting vulnerabilities that may be exploited through the URI. Vulnerable Files: awards.php, login.php, register.php, weapons.php - other files may also be susceptible to this vulnerabilit...
FlaP 1.0b - pachtofile Remote File Inclusion
FlaP 1.0b - pachtofile Remote File Inclusion FlaP v.1.0. Beta = Remote File Inclusion Vulnerability Vuln Code ERROR1:skin/html/table.php ? include "$pachtofile/leftmenu.php"; RFI CODE BUG1: Example1:http://victim.com/path/skin/html/table.php?pachtofile=Sh3LL Script...
Sql injection
Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login.php or (2) the taskid parameter to notes.php...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3) login.php, and (4) logingecon.php in inc/; and multiple unspecified files in frm/, sql/, and cns/...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php...
CVE-2007-2609
CVE-2007-2609 affects gnuedu 1.3b2 with multiple PHP remote file inclusion vulnerabilities. An attacker can trigger arbitrary PHP code execution by supplying untrusted values to the ETCDIR parameter for files/libs (libs/lom.php; lom_update.php; check-lom.php; weigh_keywords.php; web/lom.php) and...
CVE-2007-2181
PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter, a different product and vector than CVE-2005-0748...
Netmao Movie network cat movie system vulnerabilities-vulnerability warning-the black bar safety net
IceskYsl in NOHACK published on the php vulnerabilities topic. The first is the include file vulnerability. So today I quickly found one, not exclusive to! Huh. Program: Netmao Movie network cat movie system. Description: now its latest version is 3.0, due to the encryption, so it is not good to...
NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities
NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities Vulnerable: NuclearBB Alpha 1 Google d0rk: "This forum is powered by NuclearBB" ============= String Inputs ============= ---------------------------- login.php - $_POST['submit'] ---------------------------- username=xyz...
nuclearbb-sql.txt
NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities Vulnerable: NuclearBB Alpha 1 Google d0rk: "This forum is powered by NuclearBB" ============= String Inputs ============= ---------------------------- login.php - $_POST['submit'] ---------------------------- username=xyz...
NuclearBB Alpha 1 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/23555/info NuclearBB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...
CVE-2007-2011
CVE-2007-2011 is a Cross-site Scripting (XSS) vulnerability affecting DeskPro 2.0.1, exploitable via the username parameter in login.php. The issue is documented across multiple sources (NVD/NVD-derived entries, CVE lists, and related advisories) with a CVSS v2 base score of 4.3 (Medium) indicati...