Almond Classifieds Ads Enterprise SQL Injection / XSS
phpMyAdmin Installation Not Password Protected
The version of phpMyAdmin installed on the remote web server allows unrestricted, unauthenticated access. This is likely due to setting 'auth_type' to 'config' and storing login credentials in the configuration file. A remote attacker could exploit this to execute arbitrary SQL queries, delete...
Zen Cart password_forgotten.php Admin Access Bypass
The version of Zen Cart installed on the remote host is affected by a design error that allows a remote attacker to bypass authentication and gain access to the application's admin section by appending '/password_forgotten.php' to URLs. Successful exploitation of this vulnerability may lead to...
PHP application of Common Vulnerability analysis-vulnerability warning-the black bar safety net
Reposted from: WhyTT. Nothing is impregnable: because PHP is so widely used, some attackers are constantly looking for weaknesses in it, and attacking through PHP application vulnerabilities is one of their methods. In this section we will look at global variables, remote files, file uploads, library files, Session files, data type...
Drupal Theme System Template Local File Inclusion
The version of Drupal running on the remote web server fails to filter input to the 'template_file' argument of the 'theme_render_template' function before using it in 'includes/themes.inc' to include PHP code. When Drupal is running on a Windows host, an unauthenticated attacker can exploit this...
pPIM 1.0 Multiple Remote Vulnerabilities
No description provided by source. -= pPIM Multiple Vulnerabilities =- Version Tested: pPIM 1.0. Vendor notified. Full details can also be found at http://www.lampsecurity.org/node/18. Author: Justin C. Klein Keane [email protected]. Description: pPIM...
SquirrelMail HTTPS Session Cookie Secure Flag Weakness
The version of SquirrelMail installed on the remote host does not set the 'secure' flag for session cookies established when communicating over SSL / TLS. This could lead to disclosure of those cookies if a user issues a request to a host in the same domain over HTTP as opposed to HTTPS...
WordPress wp-includes/feed.php self_link() Function Host Header RSS Feed XSS
The version of WordPress installed on the remote host fails to properly sanitize input to the 'Host' request header before using it in the 'self_link' function in 'wp-includes/feed.php' to generate dynamic HTML output. An attacker can leverage this issue to inject arbitrary HTML and script code in...
TYPO3 Security Bulletin
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.1.0 and all versions below. Vulnerability Type: Cross-Site...
Free Articles Directory Remote File Inclusion Vulnerability
The remote web server contains a PHP application that is affected by a remote file include vulnerability. Description : The remote host is running Free Articles Directory, a CMS written in PHP. The installed version of Free Articles Directory fails to sanitize user input to the 'page' parameter i...
gCards Multiple Vulnerabilities
The remote web server contains a PHP application that is prone to multiple vulnerabilities. Description : The remote host is running gCards, a free electronic greeting card system written in PHP. The installed version of gCards fails to sanitize user input to the 'setLang' parameter in the...
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
The remote system contains a PHP application that is prone to remote file inclusion attacks. Description : Aardvark Topsites PHP is installed on the remote host. It is an open source Toplist management system written in PHP. The application does not sanitize user-supplied input to the...
phpMyAgenda version 3.0 File Inclusion Vulnerability
The remote web server contains a PHP application that is prone to remote and local file inclusion attacks. Description : phpMyAgenda is installed on the remote system. It's an open source event management system written in PHP. The application does not sanitize the 'rootagenda' parameter in some...
EyeOS <= 0.8.9 Command Execution Vulnerability
The remote system contains a PHP application that is prone to command execution flaws. Description : The remote system is running a vulnerable version of eyeOS. EyeOS is a web-based operating system that makes it possible to access data and applications remotely using a web browser. The...
Coppermine Photo Gallery include/functions.inc.php _data Cookie lang Parameter Traversal Local File Inclusion
The version of Coppermine installed on the remote host fails to sanitize input to the 'lang' array element of its '_data' cookie before using it in 'include/init.inc.php' to include PHP code. Provided the application's character set is set to 'utf-8', which it is by default, an unauthenticated, remo...
Maian Scripts Cookie Manipulation Authentication Bypass
The remote host is running at least one PHP application from Maian Script World that allows a remote attacker to bypass authentication and access the admin control panel by simply setting a special cookie.
PHPEasyData 1.5.4 Multiple Vulnerabilities
------------- PHPEasyData ------------- Information: Language: PHP. Version: 1.5.4. Website: http://www.phpeasydata.com/ Problems: Multiple vulnerabilities. Description: PHPEasyData is a PHP application which allows you to manage and display your dynamic data and directories on the web. Details...
HiveMaker Professional 1.0.2 - 'cid' SQL Injection
ECHOADV96$2008 HiveMaker Professional = 1.0.2 cid Sql Injection Vulnerability...
projectpier-xssxsrf.txt
ProjectPier. Impact: Cross Site Scripting, Cross Site Request Forgery. Status: patch available. Affected software description: Application: ProjectPier. Version: = 0.80...
vTiger CRM Directory File Disclosure
The remote instance of vTiger allows an unauthenticated attacker to view the contents of application directories, which could lead to the disclosure of sensitive information. Note that the solution does not prevent an attacker from retrieving files by guessing their names, only obtaining a...