News Script PHP Pro Cross-Site Request Forgery Vulnerability

News Script PHP Pro is a PHP/MySQL based web script from Simple PHP Scripts for displaying news on your website. A cross-site request forgery vulnerability exists in News Script PHP Pro 2.3. An attacker can exploit this vulnerability to add new users...

68KB 1.0.0rc4 - Remote File Inclusion

==================================================== 68KB v1.0.0rc4 Remote File Include Vulnerability ==================================================== Vendor: http://68kb.com download: http://github.com/68designs/68KB/downloads Author: eidelweiss Contact: g1xsystematwindowslive.com Original...

RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure

Hello, http://www.victimsite.com/index.php?&language=f00bar.php Warning: Failed opening '/var/www/html/admin/lang/f00bar.php' for inclusion includepath='.:/usr/share/pear' in /var/www/html/admin/settings.inc.php on line 147 This is path disclosure but it can also be used for malicious file includ...

CVE-2004-0388

The mysqldmulti script in MySQL allows local users to overwrite arbitrary files via a symlink attack...

MySQL insecure temporary file creation (mysqlbug)

Shaun Colley reports that the script mysqlbug' included with MySQL sometimes creates temporary files in an unsafe manner. As a result, an attacker may create a symlink in /tmp so that if another user invokes mysqlbug' and quits without making any changes, an arbitrary file may be overwritten with...