Lucene search

376 matches found

Packet Storm
added 2012/03/10 12:0 a.m., 29 views

Zend Server 5.6.0 Script Insertion

Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities Vendor: Zend Technologies Ltd. Product web page: http://www.zend.com Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zend Data Cache 4.0 Zend Job Queue 4.0 Zend Debugger 5.3 Zend Java Bridg...

AI score: 7.4
Exploits: 0
Exploit DB
added 2012/02/05 12:0 a.m., 37 views

GAzie 5.20 - Cross-Site Request Forgery

GAzie Date: 5/02/2012 Site: http://www.giudinvx.altervista.org/ @Application Info: Multicompany finance application written in PHP using a MySql database backend for small to medium enterprise. It le...

AI score: 7.4
Exploits: 0
Tenable Nessus
added 2012/01/20 12:0 a.m., 45 views

Cacti < 0.8.7g Multiple XSS and HTML Injection Vulnerabilities

According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.7g. It is, therefore, potentially affected by multiple cross-site scripting and HTML injection vulnerabilities. An attacker may be able to exploit these issues to inject...

CVSS: 4.3, AI score: 5.6, EPSS: 0.06007
Exploits: 2, References: 4
Tenable Nessus
added 2012/01/17 12:0 a.m., 41 views

op5 Config Arbitrary Command Execution

The version of op5 Config hosted on the remote web server is earlier than 2.0.3. As such, it contains a flaw on its welcome page that allows a remote, unauthenticated attacker to run arbitrary commands with root privileges simply by enclosing them in backticks in the password field. %NASLMINLEVEL...

CVSS: 10, AI score: 5.8, EPSS: 0.89998
Exploits: 4, References: 3
Tenable Nessus
added 2011/11/03 12:0 a.m., 11 views

TimThumb Arbitrary Code Injection

Binary data 6059.prm...

AI score: 7.3
Exploits: 0
Tenable Nessus
added 2011/10/26 12:0 a.m., 37 views

phpMyAdmin 3.4.x < 3.4.6 XSS (PMASA-2011-16)

The version of phpMyAdmin hosted on the remote server is 3.4.x prior to 3.4.6 and is affected by a cross-site scripting vulnerability. The 'Servers-0-verbose' parameter is not properly sanitized by methods in 'libraries/config/ConfigFile.class.php' as called by the script 'setup/index.php'...

CVSS: 4.3, AI score: 5.1, EPSS: 0.00523
Exploits: 1, References: 3
Tenable Nessus
added 2011/05/23 12:0 a.m., 38 views

eFront js/scripts.php 'load' Parameter Remote File Inclusion

The version of eFront running on the remote web server is affected by a remote file inclusion vulnerability due to improper sanitization of user-supplied input to the 'load' parameter of the js/scripts.php script before using it in a PHP include function call. An attacker can exploit this issue t...

AI score: 5.8
Exploits: 0, References: 2
The Hacker News
added 2011/01/18 4:34 p.m., 11 views

aidSQL: A Tool to Find Vulnerable Spots in Web Sites!

aidSQL is a PHP application provided for detecting security holes in your websites. It is a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation. Sample usage of aidsql: ./aidSQL --url=www.sample123.com We find it similar to nikto,...

AI score: 7.9
Exploits: 0
Tenable Nessus
added 2010/10/04 12:0 a.m., 26 views

Zen Cart index.php typefilter Parameter Traversal Local File Inclusion

The installed version of Zen Cart does not validate user-supplied input to the 'typefilter' parameter of the 'index.php' script. An unauthenticated, remote attacker can leverage this issue to read arbitrary files on the remote web server with the permissions that the web server process runs with...

AI score: 5.6
Exploits: 0, References: 1
Tenable Nessus
added 2010/06/07 12:0 a.m., 22 views

Symphony 2.0.6 mode Parameter Local File Inclusion

The Symphony install on the remote host fails to sanitize user-supplied input to the 'mode' parameter in 'index.php' before using it to include PHP code. An unauthenticated attacker can exploit this vulnerability to view arbitrary files or possibly to execute arbitrary PHP code on the remote hos...

CVSS: 7.5, AI score: 6.2, EPSS: 0.04184
Exploits: 1, References: 3
OSV
added 2010/06/01 8:30 p.m., 6 views

CVE-2009-4880

Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to th...

AI score: 6.2
Exploits: 0, References: 14
Tenable Nessus
added 2010/05/13 12:0 a.m., 22 views

Visitor Data Module for Joomla! X-Forwarded-For Header RCE

The version of the Visitor Data module for Joomla! running on the remote host is affected by a remote code execution vulnerability due to improper sanitization of user-supplied input to the X-Forwarded-For request header before passing it to the exec function. An unauthenticated, remote attacker...

AI score: 6.9
Exploits: 0, References: 1
Tenable Nessus
added 2010/05/05 12:0 a.m., 31 views

Campsite TinyMCE plugin 'attachments.php' 'article_id' Parameter SQL Injection

The version of Campsite installed on the remote host fails to properly sanitize user-supplied input to the 'article_id' parameter of the 'javascript/tinymce/plugins/campsiteattachment/attachments.php' script. An unauthenticated, remote attacker can leverage this issue to launch a SQL injection...

CVSS: 7.5, AI score: 5.6, EPSS: 0.00791
Exploits: 1, References: 3
Tenable Nessus
added 2010/03/25 12:0 a.m., 20 views

eScan MWAdmin forgotpassword.php uname Parameter Arbitrary Command Execution

The version of MicroWorld eScan MWAdmin hosted on the remote web server fails to properly sanitize input to the 'uname' parameter of the 'forgotpassword.php' script before using it when calling 'exec'. A remote attacker could exploit this to execute arbitrary commands on the system. These command...

AI score: 6
Exploits: 0
Tenable Nessus
added 2010/03/22 12:0 a.m., 23 views

eFront 'langname' Parameter Traversal Local File Inclusion

The version of eFront running on the remote web server is affected by a local file inclusion vulnerability due to improper sanitization of user-supplied input to the 'langname' parameter of the language.php script before using it to include PHP code. Regardless of PHP's 'register_globals' setting,...

CVSS: 6.8, AI score: 6, EPSS: 0.08807
Exploits: 2, References: 4
Tenable Nessus
added 2010/03/01 12:0 a.m., 37 views

SilverStripe CMS Running in Development Mode

The SilverStripe CMS install hosted on the remote web server appears to be running in development mode. When running in development mode, debugging tools are accessible without authentication, which could enable an attacker to gain sensitive information relating to the application. %NASLMINLEVEL...

AI score: 5.6
Exploits: 0, References: 1
Tenable Nessus
added 2010/01/12 12:0 a.m., 39 views

OpenX install.php / install-plugin.php Admin Authentication Bypass

The version of OpenX hosted on the remote web server has an authentication bypass vulnerability. Sending a specially crafted request to install.php or install-plugin.php bypasses the normal authentication process. A remote attacker could exploit this to gain administrative access to the OpenX...

CVSS: 7.5, AI score: 5.6, EPSS: 0.00538
Exploits: 0, References: 2
Tenable Nessus
added 2009/12/23 12:0 a.m., 44 views

phpLDAPadmin cmd.php cmd Parameter Local File Inclusion

The version of phpLDAPadmin installed on the remote host fails to sanitize user-supplied input to the 'cmd' parameter when passed to the 'cmd.php' script before using it to include PHP code. Regardless of PHP's 'register_globals' and 'magic_quotes_gpc' settings, an unauthenticated attacker may be ab...

CVSS: 7.5, AI score: 6, EPSS: 0.18921
Exploits: 1, References: 1
Tenable Nessus
added 2009/11/24 12:0 a.m., 153 views

CubeCart includes/content/viewProd.inc.php productId Parameter SQL Injection

The version of CubeCart running on the remote host has a SQL injection vulnerability. Input to the 'productId' parameter is not properly sanitized in 'includes/content/viewProd.inc.php' before it is used in database queries. Regardless of PHP's 'magic_quotes_gpc' setting, a remote attacker could...

CVSS: 7.5, AI score: 6, EPSS: 0.0023
Exploits: 0, References: 2
Tenable Nessus
added 2009/08/11 12:0 a.m., 18 views

CMS Made Simple url Parameter Arbitrary File Access

The remote web server is hosting CMS Made Simple, a content management system written in PHP. The version of CMS Made Simple installed on the remote host fails to sanitize user-supplied input to 'url' parameter in script 'modules/Printing/output.php' before using it to display the contents of a...

AI score: 5.9
Exploits: 0, References: 1