376 matches found
Prototype of an PHP application 0.1 param/param.inc.php path_inc Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...
Prototype of an PHP application 0.1 gestion/index.php path_inc Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...
MODx CMS <= 0.9.2.1 (FCKeditor) Remote File Include Vulnerability
No description provided by source. MODx CMS 0.9.2.1 basepath Remote File Include Vulnerability. Affected...
Prototype of an PHP application 0.1 ident/index.php path_inc Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...
Prototype of an PHP application 0.1 ident/identification.php path_inc Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...
Prototype of an PHP application 0.1 plugins/phpgacl/index.php path_inc Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...
Prototype of an PHP application 0.1 index.php path_inc Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...
Prototype of an PHP application 0.1 ident/loginmodif.php path_inc Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...
Prototype of an PHP application 0.1 common.inc.php path_inc Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...
Prototype of an PHP application 0.1 ident/disconnect.php path_inc Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...
Revive Adserver < 3.0.5 Multiple CSRF Vulnerabilities
According to its version number, the Revive Adserver install hosted on the remote web server is affected by multiple cross-site request forgery (CSRF) vulnerabilities. This can allow an attacker to delete data and cause service disruptions by enticing an authenticated user to follow a crafted URL...
Medium: php54
Issue Overview: A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. Affected Packages: php54 Issue Correction:...
Senior PHP application vulnerability auditing techniques-vulnerability warning-the black bar safety net
Senior PHP application vulnerability auditing techniques. Contents: Foreword; Traditional code auditing techniques; PHP version and application code audit; Other factors and application code audit; The expansion of our dictionary; The variable itself is the key; Variable coverage; Traverse initialize variables...
[bWAPP] an extremely buggy web application!
bWAPP, or a buggy web application, is a deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so uniqu...
Automated NoSQL Database Injection Attacks: NoSQLMap
NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to Bernardo Damele and...
PHP 5.4.x < 5.4.23 OpenSSL openssl_x509_parse() Memory Corruption
According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.23. It is, therefore, potentially affected by a memory corruption flaw in the way the openssl_x509_parse() function of the PHP OpenSSL extension parsed X.509 certificates. A remote attacker could...
PHP5 -- memory corruption in openssl_x509_parse()
Stefan Esser reports: The PHP function openssl_x509_parse() uses a helper function called asn1_time_to_time_t() to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes...
Cacti < 0.8.8b Command and SQL Injections
According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.8b. It is, therefore, potentially affected by command injection and SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input to...
Gallery 3.0.x < 3.0.9 Multiple Vulnerabilities
According to its version number, the Gallery install hosted on the remote web server is affected by multiple vulnerabilities: - A security bypass vulnerability exists in the 'flowplayer.swf.php' script. - The application is affected by multiple information disclosure vulnerabilities in the...
php-Charts Detection
php-Charts, a PHP application for creating chart images on a web server, is hosted on the remote web server. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(67173); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/01");...