6337 matches found
PT-2007-4082
Name of the Vulnerable Software and Affected Versions OpenSSH affected versions not specified Description The issue allows remote attackers to determine the existence of certain user accounts. This is possible when OpenSSH is using OPIE One-Time Passwords in Everything for PAM. The system display...
tomcat directory traversal
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to inject arbitrary web script or HTML via 1 the formmail parameter to contact/contact/index.php; the 2 formmods or 3 formsearchterm parameter to search/list/actionsearch/index.php; 4 the id parameter to...
miniwebshop2-xss.txt
-=--------------------ADVISORY-------------------=- Mini Web Shop V.2 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Mini Web Shop -=+ Version: 2 -=+ Vendor's URL: http://obiewebsite.sourceforge.net/o.php?MiniWebShop -=+ Platform:...
PMECMS 1.0 - config[pathMod] Remote File Inclusion
PMECMS = 1.0 Multiple Remote File Inclusion Vulnerabilities D.Script: http://www.pmecms.com/export/maj/PMECMSStandardos1.0.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc Exploit:Path/mod/image/index.php?configpathMod=Shell Exploit:Path/mod/liens/index.php?configpathMod=Shell...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the docroot parameter to 1 localize.php or 2 config.php in modules/admin/include/...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Modules Builder modbuild 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter to 1 config-bak.php or 2 config.php. NOTE: CVE disputes this vulnerability because the unmodified...
CVE-2007-2422
Multiple PHP remote file inclusion vulnerabilities in Modules Builder modbuild 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter to 1 config-bak.php or 2 config.php. NOTE: CVE disputes this vulnerability because the unmodified...
CVE-2007-2422
Multiple PHP remote file inclusion vulnerabilities in Modules Builder modbuild 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter to 1 config-bak.php or 2 config.php. NOTE: CVE disputes this vulnerability because the unmodified...
PT-2007-3754 · Comdev · Comdev One Admin Modules Builder
Name of the Vulnerable Software and Affected Versions: Comdev One Admin Modules Builder modbuild version 4.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter to 1 "config-bak.php" or 2 "config.php" endpoints. However, it's noted...
CVE-2007-2422
The CVE-2007-2422 issue affects Comdev One Admin Modules Builder (modbuild) v4.1. A PHP Remote File Inclusion vulnerability exists via the path[docroot] parameter to the endpoints (1) config-bak.php and (2) config.php, enabling remote code execution. Root cause notes indicate unmodified scripts s...
phpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit
No description provided by source. !-- phpMySpace Gold v8.10 - Blind SQL/XPath Injection Exploit Vulnerable Variable: itemid Vulnerable File: modules/news/article.php Vulnerable: phpMySpace Gold v8.10 other versions should also be vulnerable Google d0rk: "Powered by phpMySpace Gold 8.10" John...
Firefly 1.1.01 - 'doc_root' Remote File Inclusion
firefly 1.1.01 = Remote File Include Vulnerablitiy D.Script: http://fresh.t-systems-sfr.com/unix/src/privat2/firefly-1.1.01.tar.gz Discovered by: Alkomandoz Hacker Homepage: asb-may.net & mohandko.com & sniper-sa.com & Tryag.com ====================================...
Remote file inclusion
PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System LMS 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter, a different vector than CVE-2007-1643...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supadbpath parameter to 1 commonfunctions.php, 2 adminauthcookies.php, 3 adminmods.php, 4 adminnews.php, 5 admintopics.php, 6 adminusers.php, 7...
Lms 1.5.x - 'RTMessageAdd.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/23611/info LMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also...
CVE-2007-2165
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as...
CVE-2007-2165
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as...
DEBIAN-CVE-2007-2165
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as...
CVE-2007-2165
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as...