MySource CMS 2.16.2 - init_mysource.php Remote File Inclusion

MySource CMS 2.16.2 - initmysource.php Remote File Inclusion !/usr/bin/php -q -d shortopentag=on | | \\ | | | | | | \ //----------------------- | DEVIL TEAM - POLISH TEAM \/ http://www.rahim.webd.pl/ . .\ . \ / | | ||/ | || / \ | \ / /\ | | / | \ \ | |/ \ / \ | \ | || | | | | \ | / //\ |...

MySource CMS 2.16.2 - 'init_mysource.php' Remote File Inclusion

!/usr/bin/php -q -d shortopentag=on | | \\ | | | | | | \ //----------------------- | DEVIL TEAM - POLISH TEAM \/ http://www.rahim.webd.pl/ . .\ . \ / | | ||/ | || / \ | \ / /\ | | / | \ \ | |/ \ / \ | \ | || | | | | \ | / //\ | /|//|||| ||| /| / | | | | | \ | MySource CMS = 2.16.2...

CVE-2006-5036

MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sqremotepageurl parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting XSS attacks. NOTE: the researcher reports that "The...

CVE-2006-5037

MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sqcontentsrc parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting XSS attacks. NOTE: the researcher reports that "The vendor...

CVE-2006-5037

CVE-2006-5037 affects MySource Matrix versions after 3.8. The issue allows remote attackers to use the application as an HTTP proxy via a MIME-encoded URL in the sq_content_src parameter, enabling access to arbitrary sites using the server’s IP and enabling cross-site scripting (XSS). The PT-2006...

CVE-2006-5036

CVE-2006-5036 affects MySource Matrix 3.8 and earlier and MySource 2.x. The issue stems from the parameter sq_remote_page_url , which can be abused to make the application act as an HTTP proxy, enabling access to arbitrary sites using the server IP and enabling cross‑site scripting (XSS). Impact ...

CVE-2006-5037

MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sqcontentsrc parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting XSS attacks. NOTE: the researcher reports that "The vendor...

CVE-2006-5036

MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sqremotepageurl parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting XSS attacks. NOTE: the researcher reports that "The...

mysource 2.14.82.16 - Multiple Vulnerabilities

mysource 2.14.82.16 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/20153/info MySource products are prone to multiple input-validation vulnerabilities. Exploiting these issues will allow an attacker to manipulate the application into becoming an HTTP proxy and to conduct...

mysource 2.14.8/2.16 - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/20153/info MySource products are prone to multiple input-validation vulnerabilities. Exploiting these issues will allow an attacker to manipulate the application into becoming an HTTP proxy and to conduct cross-site scripting attacks. An attacker may...

CVE-2006-4635

Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in WebExtensions - Notitia I/II. NOTE: due to lack of details, it is not...

CVE-2006-4635

Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in WebExtensions - Notitia I/II. NOTE: due to lack of details, it is not...

CVE-2006-4635

The CVE-2006-4635 entry affects MySource Classic 2.14.6 (and possibly earlier). It describes remote authenticated users with superuser privileges who can inject arbitrary PHP code via the Equation attribute in Web_Extensions - Notitia (I/II). The exact vulnerability type (file inclusion, static c...

[SA21757] MySource Classic Equation Attribute PHP Code Injection

TITLE: MySource Classic Equation Attribute PHP Code Injection SECUNIA ADVISORY ID: SA21757 VERIFY ADVISORY: http://secunia.com/advisories/21757/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote SOFTWARE: MySource Classic 2.x http://secunia.com/product/5773/ DESCRIPTION: A...

CVE-2005-3520

Multiple cross-site scripting XSS vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via 1 the targeturl parameter in upgradeinprogressbackend.php, 2 the stylesheet parameter in edittablecelltypewysiwyg.php, and the bgcolor parameter in 3...

CVE-2005-3519

Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the 1 INCLUDEPATH and 2 SQUIZLIBPATH parameters in newupgradefunctions.php, 3 the INCLUDEPATH parameter in initmysource.php, and the PEARPATH...

CVE-2005-3520

CVE-2005-3520 affects MySource 2.14.0 with multiple XSS weaknesses. The vulnerability is triggered via several parameters across PHP/HTML files: target_url (upgrade_in_progress_backend.php), stylesheet (edit_table_cell_type_wysiwyg.php), and bgcolor (insert_table.php, edit_table_cell_props.php, h...

CVE-2005-3519

Multiple PHP file inclusion vulnerabilities affect MySource 2.14.0. The flaws allow remote attackers to execute arbitrary PHP code and include arbitrary local files through include path parameters in new_upgrade_functions.php, init_mysource.php, and various files using INCLUDE_PATH, SQUIZLIB_PATH...

CVE-2005-3519

Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the 1 INCLUDEPATH and 2 SQUIZLIBPATH parameters in newupgradefunctions.php, 3 the INCLUDEPATH parameter in initmysource.php, and the PEARPATH...

CVE-2005-3520

Multiple cross-site scripting XSS vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via 1 the targeturl parameter in upgradeinprogressbackend.php, 2 the stylesheet parameter in edittablecelltypewysiwyg.php, and the bgcolor parameter in 3...