EZDatabase.txt
Synopsis: EZDatabase directory transversal, XSS and path disclosure vulnerability Product: EZDatabase http://www.ezdatabase.org Version: Confirmed on EZDatabase 2.1.2 Author: Josh Zlatin-Amishav Date: January 15, 2006 Background: Written in PHP and MySQL, ezDatabase is the foundation for your...
Cerberus Helpdesk GUI Agent < 2.7.1 Multiple Remote Vulnerabilities (SQLi, XSS)
The remote host is running Cerberus Helpdesk, a web-based helpdesk suite written in PHP. The installed version of Cerberus Helpdesk is affected by several SQL injection issues and one cross-site scripting flaw because of its failure to sanitize user-supplied input to various parameters and script...
ODFaq SQL inj. vuln.
ODFaq SQL inj. vuln. Vuln. discovered by : r0t Date: 18 dec. 2005 vendor:http://www.oodie.com/project/odfaq/ affected version: 2.1.0 and prior Product Description: PHP application that allows you to manage frequently asked questions. You can create/edit/delete entries using user-friendly web base...
Jamit Job Board 2.4.x SQL inj.
Jamit Job Board 2.4.x SQL inj. Vuln. discovered by : r0t Date: 14 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/jamit-job-board-24x-sql-inj.html vendor:http://www.jamit.com.au/ affected version:2.4.1 and prior Product Description: Job Board Pro is a PHP application for running and...
webCalSQL.txt
WebCalendar Multiple Vulnerabilities. Author: lwang lwang at lwang.org Publish Date: 2005-12-1 Description: WebCalendar is a PHP application used to maintain a calendar for one or more persons and for a variety of purposes. In WebCalendar 0.1.0, activitylog.php and editreporthandler.php are prone...
WebCalendar < 1.0.2 Multiple Vulnerabilities
The remote version of WebCalendar does not validate input to the 'id' and 'format' parameters of the 'exporthandler.php' script before using it to overwrite files on the remote host, subject to the privileges of the web server user id. In addition, the 'activitylog.php', 'adminhandler.php',...
CVE-2004-2588
Intentional information leak in phpinfo.php in XMB aka extreme message board 1.9 beta aka Nexus beta allows remote attackers to obtain sensitive information such as the configuration of the web server and the PHP application...
Moodle < 1.5.3 Multiple SQL Injection Vulnerabilities
The remote installation of Moodle fails to sanitize user-supplied input to the 'id' parameter of the 'course/category.php' and 'course/info.php' scripts as well as the 'user' parameter of the 'iplookup/ipatlas/plot.php' script before using it in database queries. An attacker can exploit these...
PHPList < 2.10.3 Multiple Vulnerabilities
CuteNews Multiple Script Traversal Privilege Escalation
The version of CuteNews installed on the remote host fails to sanitize input to the 'template' parameter of the 'showarchives.php' and 'shownews.php' scripts. An attacker can exploit this issue to read arbitrary files and possibly even execute arbitrary PHP code on the remote host, subject to the...
YaPiG Multiple Flaws
The remote web server contains a PHP application that is affected by multiple flaws. Description : The remote host is running YaPiG, a web-based image gallery written in PHP. The installed version of YaPiG is vulnerable to multiple flaws: - Remote and local file inclusion. - Cross-site scripting...
YaPiG Remote Server-Side Script Execution Vulnerability
The remote web server contains a PHP application that is prone to arbitrary PHP code injection vulnerabilities. Description : The remote host is running YaPiG, a web-based image gallery written in PHP. The remote version of YaPiG may allow a remote attacker to execute malicious scripts on a...
QWikiwiki directory traversal vulnerability
The remote host is running QWikiwiki, a Wiki application written in PHP. The remote version of this software contains a validation input flaw which may allow an attacker to use it to read arbitrary files on the remote host with the privileges of the web server.
PunBB URL Quote Tag XSS
The remote web server contains a PHP application that is prone to cross-site scripting attacks. Description : According to its banner, the remote version of PunBB is vulnerable to cross-site scripting flaws because the application does not validate URL and quote tags. With a specially-crafted URL...
YaPiG Password Protected Directory Access Flaw
The remote web server contains a PHP application that is prone to an information disclosure flaw. Description : The remote host is running YaPiG, a web-based image gallery written in PHP. The remote version of this software contains a flaw that can let a malicious user view images in password...
x-news 1
The remote web server contains a PHP application that is prone to information disclosure. Description : X-News is a news management system, written in PHP. X-News uses a flat-file database to store information. It will run on most Unix and Linux variants, as well as Microsoft Windows operating...
WowBB <= 1.61 multiple flaws
The remote web server contains a PHP application that is prone to multiple flaws. Description : The remote host is running WowBB, a web-based forum written in PHP. According to its version, the remote installation of WowBB is 1.61 or older. Such versions are vulnerable to cross-site scripting and...
phpBB <= 2.0.17 Multiple Vulnerabilities
The remote host is running a version of phpBB that, if using PHP 5 with 'register_globals' enabled, fails to properly deregister global variables as well as failing to initialize several variables in various scripts. An attacker may be able to exploit these issues to execute arbitrary code or to...
ATutor < 1.5.1-pl1 Multiple Remote Vulnerabilities (XSS, RFI, Command Exe)
The remote host is running ATutor, an open source, web-based Learning Content Management System LCMS written in PHP. The version of ATutor installed on the remote host may be vulnerable to arbitrary command execution, arbitrary file access, and cross-site scripting attacks. Successful exploitatio...