376 matches found
vBulletin search.php query Parameter XSS
There is a cross-site scripting issue in vBulletin that may allow an attacker to steal a user's cookies. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(12058); script_version("1.24"); script_cve_id("CVE-2004-2076");...
HotNews Multiple Script Remote File Inclusion
The remote host is running HotNews, a set of PHP scripts designed to set up a news system for web pages. It is possible to use this suite to make the remote host include PHP files hosted on a third-party server. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell wi...
Les Visiteurs Multiple Remote File Inclusion
The remote 'Les Visiteurs' PHP scripts are vulnerable to a bug wherein any anonymous user can force the server to redirect to any arbitrary IP and download a potentially malicious include file. This can allow an attacker to upload and execute malicious code on the web server. #%NASL_MIN_LEVEL 70300 ...
Webcalendar <= 0.9.42 Cross Site Scripting Attacks and Potential SQL Injection Attack
Webcalendar <= 0.9.42 http://webcalendar.sourceforge.net/ WebCalendar is a PHP application used to maintain a calendar for one or more persons. Cross Site Scripting. Files (maybe others): includes/js/colors.php Code snippet:...
paFileDB <= 3.1 Multiple Vulnerabilities (1)
The remote host is running a version of paFileDB that is prone to a wide variety of vulnerabilities, including arbitrary file uploads, local file inclusion, SQL injection, and cross-site scripting issues. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc');...
Several bugs found in "Spyke's PHP Board"
www.bright-shadows.net - theblacksheep&erik...
MantisBT Detection
MantisBT, an open source bug tracking application written in PHP and using a MySQL back-end, was detected on the remote host. # (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(11652); script_version("1.26"); script_set_attribute(attribute:"plugin_modification_date",...
Owl_Intranet_Engine.txt
Owl Intranet Engine - File Disclosure Vulnerability. Date: 5-12-03 Advisory Url: http://sec.angrypacket.com/advisories.phtml Vendor Home Page: http://owl.sourceforge.net/ Vendor Project Page:...
GTcatalog password.inc Direct Request Password Disclosure
The remote web server hosts GTcatalog, a catalog management system written in PHP. It is possible to obtain the password of the remote GTcatalog installation by directly requesting the file 'password.inc'. An attacker may leverage this issue to obtain the password and gain administrative access t...
Alexandria-dev Multiple Script Upload Spoofing Arbitrary File Access
The remote host seems to be running Alexandria-Dev, an open source project management system. The CGIs 'docman/new.php' and 'patch/index.php' can be used by an attacker with the proper credentials to upload a file and trick the server about its real location on the disk. Therefore, an attacker ma...
Kietu index.php Remote File Inclusion
The version of the Kietu web statistics application hosted on the remote web server fails to sanitize user-supplied input to the 'urlhit' parameter of the 'index.php' script before using it to include PHP code. Regardless of PHP's 'register_globals' setting, an unauthenticated attacker can exploit...
WebChat defines.php WEBCHATPATH Parameter Remote File Inclusion
The version of Webchat installed on the remote host allows an attacker to read local files or execute PHP code, possibly taken from third-party sites, subject to the permissions of the web server user id. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. Ref: From: "Frog Man" To:...
N/X Web Content Management Multiple Script Remote File Inclusion
It is possible to make the remote host include PHP files hosted on a third-party server using N/X Web content management system. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network...
XSS bug in MyMarket 1.71
XSS in MyMarket 1.71. Product Description: MyMarket is a fully functional online shopping catalog system, built using PHP and MySQL. It was created by Ying Zhang for the purpose of teaching people about the basics of creating...
Clicky Web Pseudo-frames 1.0 - Remote File Inclusion
source: https://www.securityfocus.com/bid/4756/info Pseudo-frames is an application written in PHP and is maintained by Clicky Web. Pseudo-frames permits remote file inclusion. As a result, a remote attacker may include an arbitrary file located...
Basilix Webmail .class / .inc Direct Request Remote Information Disclosure
It is possible to download the include files on the remote BasiliX webmail service. An attacker may use these to obtain the MySQL authentication credentials. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description) { script_id(10601);...