6334 matches found
CVE-2007-1974
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section aka WF-Sections 1.0.1, as used in Xoops modules such as 1 Zmagazine 1.0, 2 Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via...
CVE-2007-1974
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section aka WF-Sections 1.0.1, as used in Xoops modules such as 1 Zmagazine 1.0, 2 Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via...
NullSoft WinAmp multiple security vulnerabilities
Multiple memory corruptions in different modules...
Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01
Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01 While developing one of our advanced security training modules, we identified a remotely exploitable buffer overflow vulnerability in the latest release of InterVetions' HTTP server NaviCopa 2.01. Successful exploitation of this...
MAMBO Modules SWmenu 4.0 (ImageManager.php) Remote File Include Vulnerabilities
MAMBO Modules SWmenu 4.0 ImageManager.php Remote File Include Vulnerabilities script : http://mamboxchange.com/frs/download.php/8109/comswmenufree4.0.zip file : /ImageManager/Classes/ImageManager.php Dork : index.php?option=comswmenupro Found by & Contact : Cold z3ro , [email protected] ,...
joomlamambo-rfi.txt
MAMBO Modules SWmenu 4.0 ImageManager.php Remote File Include Vulnerabilities script : http://mamboxchange.com/frs/download.php/8109/comswmenufree4.0.zip file : /ImageManager/Classes/ImageManager.php Dork : index.php?option=comswmenupro Found by & Contact : Cold z3ro , [email protected] ,...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the checkcsrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magicquotesgpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the 1 Projects, 2 Contacts, 3 Helpdesk, 4 Notes, 5 Search...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in PHProjekt 5.2.0, when magicquotesgpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the 1 Projects, 2 Contacts, 3 Helpdesk, 4 Search only Gecko engine driven Browsers, and 5 Notes...
CVE-2007-0450
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...
CVE-2007-0450
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...
CVE-2007-0450
CVE-2007-0450 is a directory traversal vulnerability affecting Apache Tomcat (and Tomcat behind certain Apache proxies) where a crafted URI containing a dot-dot sequence and mixed separators (/, , and %5C) can cause unauthorized disclosure of arbitrary files. Affected products/versions include To...
n.runs-SA-2007.005 - PHProjekt 5.2.0 - Cross Site Request Forgery
n.runs AG http://www.nruns.com/ security at nruns.com n.runs-SA-2007.005 14-Mar-2007 Vendor: Mayflower GmbH, http://www.mayflower.de Affected Products: PHProjekt 5.2.0 Vulnerability: Cross Site Request Forgery Risk: HIGH Vendor communication: 2006/12/31 initial notification of Mayflower 2007/01/0...
CVE-2007-1240
Multiple cross-site scripting XSS vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via 1 the searchkey parameter to index.php, or the 2 sn or 3 ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information ...
CVE-2007-1240
CVE-2007-1240 involves multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5. The flaws allow remote attackers to inject arbitrary web script or HTML via specific parameters: (1) searchkey to index.php, and (2) sn or (3) ri to modules/htmlframechat/index.php. The d...
CVE-2007-1159
Cross-site scripting XSS vulnerability in modules/out.php in Pyrophobia 2.1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
PT-2007-1918 · Apache +2 · Apache Tomcat +3
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server and Tomcat versions prior to 5.5.22 and 6.0.10 Tomcat versions prior to 5.5.22 and 6.0.10 Description: The issue allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 ...
Design/Logic Flaw
Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors...
CVE-2007-1035
The CVE-2007-1035 issue affects getID3 (1.7.1) as used with Drupal Mediafield/Audio modules. The remote vulnerabilities reside in the package’s demo scripts, enabling an unauthenticated attacker to read/delete arbitrary files, list directories, write files (including .mp3) and potentially execute...
Remote file inclusion
PHP remote file inclusion vulnerability in modules/mail/index.php in phpCOIN RC-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CCFG'PKGPATHMDLS' parameter. NOTE: this issue has been disputed by a reliable third party, who states that a fatal error occurs befo...
Virtual Host Administrator Modules_Dir远程文件包含漏洞
Virtual Host Administrator是一款基于PHP的WEB应用程序。 Virtual Host Administrator不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'main.php'脚本对用户提交的'MODULESDIR'参数缺少过滤,指定远程服务器上的文件作为包含参数,可导致以WEB权限执行任意命令。 Inter7 vhostadmin 0.1 目前没有解决方案提供: http://www.inter7.com/index.php?page=vhostadmin...