
376 matches found

Tenable Nessus
added 2006/04/05 12:0 a.m., 28 views

CubeCart FCKeditor connector.php Arbitrary File Upload

The version of CubeCart installed on the remote host allows an unauthenticated user to upload files with arbitrary PHP code and then to execute them subject to the privileges of the web server user id.

5 CVSS, 6 AI score, 0.08797 EPSS
Exploits 0, References 4

securityvulns
added 2006/03/30 12:0 a.m., 37 views

Full path disclosure in Webcalendar 1.1.0-CVS

Full path disclosure in webcalendar Author : Rusydi Hasan M a.k.a : cR45H3R Location : Indonesia, Cilacap Date : March,28th 2006 Version : 1.1.0-CVS --- software description WebCalendar is a PHP application used to maintain a calendar for one or more persons and for a variety of purposes. ---...

7.2 AI score
Exploits 0

OpenVAS
added 2006/03/26 12:0 a.m., 26 views

SPIP < 1.8.2-g SQL Injection and XSS Flaws

The remote web server has a PHP application that is affected by multiple flaws. Description: The remote host is running SPIP, an open-source CMS written in PHP. The remote version of this software is prone to SQL injection and cross site scripting attacks. An attacker could send specially crafted...

7.5 CVSS, 0.4 AI score, 0.10432 EPSS
Exploits 1, References 4

OpenVAS
added 2006/03/26 12:0 a.m., 19 views

Plume CMS <= 1.0.2 Remote File Inclusion Vulnerability

The remote host is running a PHP application that is prone to local and remote file inclusion attacks. Description : The system is running Plume CMS a simple but powerful content management system. The version installed does not sanitize user input in the 'PXconfigmanagerpath' parameter in the...

6.8 CVSS, 0.1 AI score, 0.05325 EPSS
Exploits 0, References 3

OpenVAS
added 2006/03/26 12:0 a.m., 25 views

Mantis File Inclusion and SQL Injection Flaws

The remote web server contains a PHP application that is affected by multiple flaws. Description : The remote version of Mantis suffers from a remote file inclusion vulnerability. Provided PHP's 'register_globals' setting is enabled, an attacker may be able to leverage this issue to read arbitrary...

7.5 CVSS, 0.2 AI score, 0.0697 EPSS
Exploits 1, References 2

OpenVAS
added 2006/03/26 12:0 a.m., 25 views

Limbo CMS Multiple Vulnerabilities

The remote web server contains a PHP application that is affected by numerous vulnerabilities. Description : The remote host is running Limbo CMS, a content-management system written in PHP. The remote version of this software is vulnerable to several flaws including : - If register_globals is off...

7.5 CVSS, 0.1 AI score, 0.22305 EPSS
Exploits 4, References 8

OpenVAS
added 2006/03/26 12:0 a.m., 19 views

phpBB <= 2.0.18 Multiple Cross-Site Scripting Flaws

The remote web server contains a PHP application that is affected by several flaws. Description : According to its version number, the remote version of this software is vulnerable to Javascript injection issues using 'url' bbcode tags and, if HTML tags are enabled, HTML more generally. This may...

7.5 AI score
Exploits 0, References 2

OpenVAS
added 2006/03/26 12:0 a.m., 28 views

Mantis Multiple Flaws (4)

The remote web server contains a PHP application that is affected by several flaws. Description : According to its banner, the version of Mantis on the remote host fails to sanitize user-supplied input to the 'gdbtype' parameter of the 'core/databaseapi.php' script. Provided PHP's 'registerglobal...

7.5 CVSS, 0.2 AI score, 0.09611 EPSS
Exploits 1, References 1

OpenVAS
added 2006/03/26 12:0 a.m., 24 views

ATutor < 1.5.1-pl1 Multiple Flaws

The remote web server contains a PHP application that is prone to multiple flaws. The remote host is running ATutor, an open-source web-based Learning Content Management System (LCMS) written in PHP. The version of ATutor installed on the remote host may be vulnerable to arbitrary command execution...

7.5 CVSS, 6.7 AI score, 0.11893 EPSS
Exploits 3, References 8

Tenable Nessus
added 2006/03/16 12:0 a.m., 300 views

Horde < 3.1 go.php url Parameter File Disclosure

Binary data 3477.prm...

5 CVSS, 7 AI score, 0.25719 EPSS
Exploits 1, References 1

Tenable Nessus
added 2006/03/09 12:0 a.m., 17 views

Geeklog lib-sessions.php Session Cookie Handling Authentication Bypass

The version of Geeklog installed on the remote host contains a flaw in its session-handling library that can be exploited by an attacker to bypass authentication and gain access as any user, including the admin.

10 CVSS, 5.6 AI score, 0.00381 EPSS
Exploits 0, References 2

Tenable Nessus
added 2006/03/08 12:0 a.m., 26 views

Loudblog < 0.42 template Parameter Traversal

The remote host is running Loudblog, a PHP application for publishing podcasts and similar media files. The version of Loudblog installed on the remote host fails to sanitize input to the 'template' parameter of the 'index.php' script before returning the contents of the file in a dynamic web pag...

6.4 CVSS, 5.9 AI score, 0.07158 EPSS
Exploits 1, References 3

Tenable Nessus
added 2006/03/03 12:0 a.m., 25 views

vBulletin Email Field XSS

According to its banner, the version of vBulletin installed on the remote host does not properly sanitize user-supplied input to the email field in the 'profile.php' script. Using a specially crafted email address in his profile, an authenticated attacker can leverage this issue to inject arbitra...

4.3 CVSS, 5.8 AI score, 0.00949 EPSS
Exploits 1, References 3

Tenable Nessus
added 2006/03/03 12:0 a.m., 22 views

imageVue < 16.2 admin/upload.php Unrestricted File Upload

The remote host is running imageVue, a web-based photo gallery application written in PHP. The installed version of imageVue allows unauthenticated attackers to upload arbitrary files, including files containing code that can then be executed subject to the privileges of the web server user id. I...

5 CVSS, 5.4 AI score, 0.09152 EPSS
Exploits 1, References 2

Tenable Nessus
added 2006/02/23 12:0 a.m., 32 views

Plume CMS < 1.0.3 Remote File Inclusion

The system is running Plume CMS a simple but powerful content management system. The version installed does not sanitize user input in the 'PXconfigmanagerpath' parameter in the 'prepend.php' file. This allows an attacker to include arbitrary files and execute code on the system. This flaw is...

6.8 CVSS, 5.8 AI score, 0.05325 EPSS
Exploits 0, References 3

Tenable Nessus
added 2006/02/22 12:0 a.m., 23 views

Geeklog < 1.3.11sr4 / 1.4.0sr1 Multiple Remote Vulnerabilities (LFI, SQLi)

The installed version of Geeklog suffers from a number of SQL injection and local file flaws due to a failure of the application to sanitize user-supplied input.

7.5 CVSS, 5.4 AI score, 0.03286 EPSS
Exploits 2, References 4

Tenable Nessus
added 2006/02/15 12:0 a.m., 65 views

dotProject Multiple Scripts Remote File Inclusion

The remote host is running dotProject, a web-based, open source, project management application written in PHP. The installed version of dotProject fails to sanitize input to various parameters and scripts before using it to include PHP code. Provided PHP's 'register_globals' setting is enabled, a...

7.5 CVSS, 6 AI score, 0.11232 EPSS
Exploits 3, References 6

Tenable Nessus
added 2006/02/15 12:0 a.m., 17 views

dotProject docs/ Directory Multiple Script Information Disclosure

The remote host is running dotProject, a web-based, open source, project management application written in PHP. The installed version of dotProject discloses sensitive information because it lets an unauthenticated attacker call scripts in the 'docs' directory.

5 CVSS, 5.5 AI score, 0.01021 EPSS
Exploits 1, References 3

Tenable Nessus
added 2006/02/10 12:0 a.m., 251 views

RunCMS Multiple Script bbPath Parameter Remote File Inclusion

The installed version of RunCMS fails to validate user input to the 'bbPath' parameter of two scripts. An unauthenticated attacker may be able to leverage this issue to view arbitrary files on the remote host or to execute arbitrary PHP code, possibly taken from third-party hosts. Note that...

6.8 CVSS, 6 AI score, 0.0582 EPSS
Exploits 1, References 2

Tenable Nessus
added 2006/02/02 12:0 a.m., 47 views

MyBB index.php 'referrer' Parameter SQLi

The version of MyBB installed on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'referrer' parameter before using it in the globals.php script. A remote attacker can exploit this issue to manipulate SQL queries, resulting in...

7.5 CVSS, 5.6 AI score, 0.00453 EPSS
Exploits 0, References 2