13 matches found
EUVD-2008-4406
Malware in sbrugna...
EUVD-2008-4408
Malware in sbrugna...
EUVD-2008-4407
Malware in sbrugna...
EUVD-2008-4509
Malware in sbrugna...
EUVD-2008-4409
Malware in sbrugna...
pPIM 1.01 - 'notes.php' Remote Command Execution
!/usr/bin/perl pPIM 1.01 notes.php id Remote Command Execution Exploit url: http://www.phlatline.org/docs/files/ppim.zip Author: Jose Luis Gongora Fernandez a.k.a JosS mail: sys-projectathotmaildotcom site: http://www.hack0wn.com/ team: Spanish Hackers Team - SHT thanks for the base code: CWH...
CVE-2008-4528
CVE-2008-4528 affects Phlatline’s Personal Information Manager (pPIM) 1.01. The issue is a directory traversal in notes.php where an attacker can cause inclusion and execution of arbitrary local files by supplying a ".." in the id parameter during an edit action. This relies on improper handling ...
CVE-2008-4528
Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager pPIM 1.01 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the id parameter in an edit action...
CVE-2008-4428
Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager pPIM 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory...
Authentication flaw
changepassword.php in Phlatline's Personal Information Manager pPIM 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords...
CVE-2008-4425
CVE-2008-4425 concerns Phlatline’s Personal Information Manager (pPIM) 1.0. The vulnerability is a directory traversal issue in upload.php (action delfile) that allows a remote attacker to delete arbitrary files by manipulating the file parameter. Documented impact includes the ability to delete ...
CVE-2008-4426
Phlatline's Personal Information Manager (pPIM) 1.0 contains a Cross-site Scripting (XSS) vulnerability in events.php. The flaw allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action. This is documented under CVE-2008-4426; multiple connected sources...
CVE-2008-4427
CVE-2008-4427 affects Phlatline’s Personal Information Manager (pPIM) up to version 1.0. The vulnerability is that changepassword.php does not require administrative authentication, enabling remote attackers to change arbitrary user passwords. This is the explicitly described impact in the CVE en...