292 matches found
Fool's Workshop Owl's Workshop 1.0 - 'readings/index.php' Arbitrary File Access
source: https://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI parameter. Upon successful exploitation of these issues, an attacker may be able t...
Fools Workshop Owls Workshop 1.0 - newmultiplechoice.php Arbitrary File Access
Fools Workshop Owls Workshop 1.0 - newmultiplechoice.php Arbitrary File Access source: https://www.securityfocus.com/bid/9689/info Owl's Workshop is reported prone to multiple remote file-disclosure vulnerabilities because the application fails to validate user-supplied input passed via a URI...
Yabb SE SQL Injection
Summary: YaBB SE is a PHP/MySQL port of the popular forum software YaBB yet another bulletin board. An SQL Injection vulnerability in the product allows a remote attacker to insert malicious SQL statements. Details: Vulnerable Systems: Yabb Se version 1.5.4 tested, 1.5.3tested maybe others Immune...
MatrikzGB Guestbook 2.0 - Administrative Privilege Escalation
MatrikzGB Guestbook 2.0 - Administrative Privilege Escalation source: https://www.securityfocus.com/bid/8430/info MatrikzGB Guestbook is prone to a vulnerability that may permit guestbook users to gain administrative rights. It is possible to exploit this issue by manipulating URI parameters...
WebJeff FileManager 1.6 - File Disclosure
WebJeff FileManager 1.6 - File Disclosure source: https://www.securityfocus.com/bid/7995/info A vulnerability has been reported for Filemanager that may result in the disclosure of arbitrary files. The vulnerability exists due to insufficient sanitization of user-supplied values for URI parameter...
CVE-2003-0243
Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the 1 normalhtml.cgi or 2 memberhtml.cgi scripts...
CVE-2002-0998
Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. dot dot sequences and null characters in the lang parameter, which is processed by a call to the include function...
CVE-2002-0923
CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files, and possibly gain privileges, via the 1 pheader or 2 pfooter parameters in the "Advanced Settings" capability...
CVE-2001-1401
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in 1 processbug.cgi, 2 showactivity.cgi, 3 showvotes.cgi, 4 showdependencytree.cgi, 5 showdependencygraph.cgi, 6...
CVE-2002-0032
Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI...
CVE-2001-1095
CVE-2001-1095 describes a buffer overflow in the uuq utility on AIX 4, allowing local users to execute arbitrary code by supplying a long -r parameter. The available records (NVD, CVE List) confirm the affected platform and the vulnerable component, but do not provide concrete patch/version detai...
Hosting Controller 1.x - DSNManager Directory Traversal
Hosting Controller 1.x - DSNManager Directory Traversal source: https://www.securityfocus.com/bid/4759/info Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. The DSNManager script does not...