phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion

The version of phpMyAdmin installed on the remote host allows attackers to read and possibly execute code from arbitrary files on the local host because of its failure to sanitize the parameter 'subform' before using it in the 'libraries/grabglobals.lib.php' script. %NASLMINLEVEL 70300 C Tenable...

Mail-it Now! Upload2Server Predictable Filename Upload Arbitrary Code Execution

The remote host is running Mail-it Now! Upload2Server, a free, PHP feedback form script supporting file uploads. The version of Upload2Server installed on the remote host stores uploaded files insecurely. An attacker may be able to exploit this flaw to upload a file with arbitrary code and then...

SaveWebPortal <= 3.4 Multiple Vulnerabilities

The remote host is running SaveWebPortal, a PHP web portal application. The installed version of SaveWebPortal is prone to multiple vulnerabilities, including remote code execution, arbitrary file inclusion, and cross-site scripting XSS. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

Simple Machines Forum Avatar Information Disclosure Vulnerability

The remote host is running Simple Machines Forum SMF, an open source web forum application written in PHP. The installed version of SMF on the remote host does not properly sanitize the URI supplied for the user avatar. An attacker who is registered in the affected application can exploit this fl...

YaPiG <= 0.9.5b Multiple Vulnerabilities

The remote host is running YaPiG, a web-based image gallery written in PHP. According to its banner, the version of YaPiG installed on the remote host is prone to arbitrary PHP code injection and cross-site scripting attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

Simple PHP Blog <= 0.4.0 Multiple Vulnerabilities

The version of Simple PHP Blog installed on the remote host allows authenticated attackers to upload files containing arbitrary code to be executed with the privileges of the web server userid. In addition, it likely lets anyone retrieve its configuration file as well as the user list and to dele...

Netquery <= 3.11 nquser.php host Parameter Arbitrary Command Execution

The remote host is running Netquery, a suite of network information utilities written in PHP. The installed version of Netquery lets an attacker execute arbitrary commands within the context of the affected web server user id by passing them through the 'host' parameter of the 'nquser.php' script...

BMForum Multiple Script XSS

The remote host is running BMForum, a web forum written in PHP. The remote version of this software is affected by several cross-site scripting vulnerabilities. The issues are due to failures of the application to properly sanitize user-supplied input. %NASLMINLEVEL 70300 This script was written ...

TOPo22.txt

TOPo 2.2 multiple variable & fields XSS and information disclosure vendor url:http://ej3soft.ej3.net/index.php?m=info&s=topo&t=info advisore: http://lostmon.blogspot.com/2005/05/topo-22-multiple-variable-fields-xss.html vendor notified: yes exploit available: yes. TOPo is a free TOP system writte...

Gallery PostNuke Integration Access Validation Privilege Escalation

The remote host is running Gallery, a web-based photo album. According to its banner, the version of Gallery installed on the remote host is subject to an access validation issue when integrated with PostNuke, as is the case on the remote host. The issue means that any user with any level of admi...

[Full-disclosure] My Bulletin Board RC 4 Vulnerabilities

SQL Injection Vulnerabilities in MyBB RC 4 +Security Patch Vendor: MyBB Group Version: MyBulletinBoard 1.00 RC4+ Security Patch Risk: High if magicquotesgpc = Off URL: http://www.mybboard.com "MyBB is a powerful, efficient and free forum package developed in PHP and MySQL. MyBB has been designed...

osCommerce Unprotected Admin Directory

The installation of osCommerce on the remote host apparently lets anyone access the application's admin directory, which means that they have complete administrative access to the site. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

PunBB < 1.2.6 Multiple Vulnerabilities

The remote version of PunBB contains a flaw in its template system that can be exploited to read arbitrary local files or, if an attacker can upload a specially crafted avatar, to execute arbitrary PHP code. In addition, the application fails to sanitize the 'temp' parameter of the 'profile.php'...

XOOPS Detection

The remote host is running XOOPS, a web content management system written in PHP and released under the GPL. Tenable Network Security, Inc. include"compat.inc"; if description scriptid18613; scriptversion"1.18"; scriptsetattributeattribute:"pluginmodificationdate", value:"2023/05/24";...

phpBB2 Plus <= 1.52 Multiple XSS

The remote host is running a version of phpBB2 Plus that suffers from multiple cross-site scripting flaws due to a general failure of the application and associated modules to sanitize user-supplied input. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

osCommerce application_top.php Multiple Parameter HTTP Response Splitting

The version of osCommerce on the remote host suffers from multiple HTTP response splitting vulnerabilities due to its failure to sanitize user-supplied input to various parameters of the 'includes/applicationtop.php' script, the 'goto' parameter of the 'banner.php' script, and possibly others. An...

YaPiG < 0.95b Multiple Vulnerabilities

The remote host is running YaPiG, a web-based image gallery written in PHP. The installed version of YaPiG is vulnerable to multiple flaws : - Remote and local file inclusion. - Cross-site scripting and HTML injection flaws through 'view.php'. - Directory traversal flaw through 'upload.php'...

Dream4 Koobi CMS index.php area Parameter SQL Injection

The remote host is running the Dream4 Koobi CMS, a CMS written in PHP. The remote version of this software contains an input validation flaw leading to a SQL injection vulnerability. An attacker may exploit this flaw to execute arbitrary SQL commands against the remote database. %NASLMINLEVEL 703...

Calendarix Multiple Vulnerabilities (SQLi, XSS)

The remote host is running Calendarix, a PHP-based calendar system. The remote version of this software is prone to a remote file include vulnerability as well as multiple cross-site scripting, and SQL injection vulnerabilities. Successful exploitation could result in execution of arbitrary PHP...

CodeThatShoppingCart Multiple Remote Vulnerabilities (SQLi, XSS, ID)

The remote host is running the CodeThat.com ShoppingCart, a shopping cart program written in PHP. The remote version of this software fails to sanitize input to the 'id' parameter of the 'catalog.php' script before using it in a database query. An unauthenticated, remote attacker could leverage...