690 matches found
GTCatalog 0.8.160.9 - Remote File Inclusion
GTCatalog 0.8.160.9 - Remote File Inclusion source: https://www.securityfocus.com/bid/6998/info GTCatalog is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is as a result of insufficient sanitization performed on remot...
D-Forum 1 - 'footer' Remote File Inclusion
source: https://www.securityfocus.com/bid/6879/info D-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the /includes/header.php3 and /includes/footer.php3 scripts. Under some circumstances, it is possible for remote...
D-Forum 1 - 'header' Remote File Inclusion
source: https://www.securityfocus.com/bid/6879/info D-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the /includes/header.php3 and /includes/footer.php3 scripts. Under some circumstances, it is possible for remote...
CVE-2002-0418
Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. dot dot and a null character in the paramname parameter...
CVE-2002-0434
Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter...
PVote 1.01.5 - Poll Content Manipulation
PVote 1.01.5 - Poll Content Manipulation source: https://www.securityfocus.com/bid/4540/info PVote is a web voting system written in PHP. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems. It is possible for a remote attacker to add/delete web polls just b...
poll_it.txt
The CGI is available from: http://www.cgi-world.com/pollit.html The bug takes place when calling the CGI and passing it parameters that overwrite settings initialized in the CGI: /cgi-bin/pollit/PollItSSIv2.0.cgi?datadir=/etc/passwd%00 Because the CGI initializes it's internal variables before...
Vulnerability in Poll_It cgi v2.0
This has already been sent to securityfocus.com and cgi-world.com. It is now listed at securityfocus.com at http://www.securityfocus.com/bid/1431. Original email that I sent is below: The CGI is available from: http://www.cgi-world.com/pollit.html The bug takes place when calling the CGI and...
Infonautic's getdoc.cgi may allow unauthorized access to documents
Message-ID: [email protected] Date: Tue, 11 Apr 2000 16:23:49 -0700 From: Black Watch Labs [email protected] To: [email protected] Subject: Infonautic's getdoc.cgi may allow unauthorized access to documents Hello Elias, As mentioned in the Friday, April 7 ema...
QuickCommerce 2.53.0 Cart32 2.5 a3.0 Shop Express 1.0 StoreCreator 3.0 Web Shopping Cart - Hidden Form Field
QuickCommerce 2.53.0 Cart32 2.5 a3.0 Shop Express 1.0 StoreCreator 3.0 Web Shopping Cart - Hidden Form Field E-Commerce Exchange QuickCommerce 2.5/3.0,McMurtrey/Whitaker & Associates Cart32 2.5 a/3.0,Shop Express 1.0,StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability source:...