MODx CMS 0.9.2.1 - FCKeditor Remote File Inclusion
MODx CMS 0.9.2.1 - FCKeditor Remote File Inclusion +------------------------------------------------------------------------------------------- + MODx CMS 0.9.2.1 base_path Remote File Include Vulnerability +------------------------------------------------------------------------------------------...
MODx CMS 0.9.2.1 - 'FCKeditor' Remote File Inclusion
+------------------------------------------------------------------------------------------- + MODx CMS 0.9.2.1 base_path Remote File Include Vulnerability +------------------------------------------------------------------------------------------- + Affected Software .: MODx CMS 0.9.2.1 + Vendor...
MODx CMS 0.9.2.1 (base_path) Remote File Include Vulnerability
+------------------------------------------------------------------------------------------- + MODx CMS 0.9.2.1 base_path Remote File Include Vulnerability +------------------------------------------------------------------------------------------- + Affected Software .: MODx CMS 0.9.2.1 + Vendor...
PHP-Post <= 1.01 (template) Remote Code Execution Exploit
#!/usr/bin/php -q -d short_open_tag=on <? print ' (ASCII-art banner) ...
Open Conference System < 1.1.6 Multiple Script fullpath Parameter Remote File Inclusion
The remote host is using Open Conference System, a PHP application for managing scholarly conference websites. The version of Open Conference System installed on the remote host fails to sanitize input to the 'fullpath' parameter before using it to include PHP code in the 'include/theme.inc.php'...
Moodle < 1.6.2 Multiple Vulnerabilities
The installed version of Moodle fails to sanitize user-supplied input to a number of parameters and scripts. An attacker can leverage these issues to launch SQL injection and cross-site scripting attacks against the affected application. (C) Tenable Network Security, Inc...
phpNULL.txt
Author: ShAnKaR Title: multiple PHP application poison NULL byte vulnerability Applications: phpBB 2.0.21, punBB 1.2.12 Threat Level: Critical Original advisory in Russian: http://www.security.nnov.ru/Odocument221.html Poison NULL byte vulnerability for perl CGI applications was described in 1...
Timesheet 1.2.1 Blind SQL Injection Vulnerability
About: Timesheet.php is a PHP application designed to keep track of the hours worked by multiple people on multiple projects. It allows users to log in through their web browser and manage the times that they are clocked on or clocked off. Description: A vulnerability can be found on the file...
Joomla! < 1.0.11 administrator/index.php Input Weakness
The version of Joomla! installed on the remote host is affected by an input weakness flaw in the administrator/index.php script due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to impact confidentiality, integrity, or availability. No other...
CubeCart < 3.0.13 Multiple Vulnerabilities
Binary data 3736.prm...
CubeCart < 3.0.12 Multiple Vulnerabilities (SQLi, XSS)
The version of CubeCart installed on the remote host fails to properly sanitize user-supplied input to several parameters and scripts before using it in database queries and to generate dynamic web content. An unauthenticated attacker may be able to exploit these issues to conduct SQL injection a...
Loudblog index.php id Parameter SQL Injection
The remote host is running Loudblog, a PHP application for publishing podcasts and similar media files. The version of Loudblog installed on the remote host fails to sanitize input to the 'id' parameter of the 'index.php' script before using it in a database query. This may allow an unauthenticat...
VHCS include/sql.php include_path Parameter Remote File Inclusion
The remote host is running VHCS, a control panel for hosting providers. The GUI portion of the version of VHCS installed on the remote host fails to sanitize input to the 'include_path' parameter of the 'include/sql.php' script before using it to include PHP code. Provided PHP's 'register_globals'...
Geeklog Multiple Script _CONF[path] Parameter Remote File Inclusion
The version of Geeklog installed on the remote host fails to sanitize input to the '_CONF[path]' parameter before using it in several scripts to include PHP code. Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker may be able to exploit these flaws to view arbitrary fil...
Geeklog auth.inc.php loginname Parameter SQL Injection
The version of Geeklog installed on the remote host fails to sanitize input to the 'loginname' and 'passwd' parameters before using it in the script 'admin/auth.inc.php' to construct database queries. Provided PHP's 'magic_quotes_gpc' setting is enabled, an unauthenticated attacker can exploit this flaw...
UBB.threads addpost_newpoll.php thispath Parameter Remote File Inclusion
The version of UBB.threads installed on the remote host fails to sanitize input to the 'thispath' parameter before using it in a PHP include function in the 'addpost_newpoll.php' script. Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker may be able to exploit this fl...
FCKeditor upload.php Type Parameter Arbitrary File Upload
The version of FCKeditor installed on the remote host allows an unauthenticated attacker to upload arbitrary files containing, say, PHP code, and then to execute them subject to the privileges of the web server user ID. (C) Tenable Network Security, Inc...
SugarCRM <= 4.2.0a Multiple Script sugarEntry Parameter Remote File Inclusion
The version of SugarCRM installed on the remote host fails to sanitize input to various parameters and scripts before using it to include PHP code from other files. Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker may be able to exploit these issues to view arbitra...
Aardvark Topsites CONFIG[path] Parameter Remote File Inclusion
Aardvark Topsites PHP is installed on the remote host. It is an open source toplist management system written in PHP. The application does not sanitize user-supplied input to the 'CONFIG[path]' variable in some PHP files, for example, 'lostpw.php'. This allows an attacker to include arbitrary files,...
dnGuestbook <= 2.0 Remote SQL Injection Vulnerabilities
No description provided by source. SECURITY ADVISORY advisory: dnGuestbook = v2.0 remote sql injection vulnerability release: 2006-04-08 author: snatcher snatcher at gmx.ch country: switzerland application: dnGuestbook =...