376 matches found
CVE-2004-2588
Intentional information leak in phpinfo.php in XMB aka extreme message board 1.9 beta aka Nexus beta allows remote attackers to obtain sensitive information such as the configuration of the web server and the PHP application...
Help Center Live Multiple Remote Vulnerabilities (Cmd Exec, XSS)
The remote host is running Help Center Live, a help desk application written in PHP. The remote version of this software is vulnerable to various flaws, including one that may allow an attacker to execute arbitrary commands on the remote host subject to the privileges of the web server user id...
2BGal disp_album.php id_album Parameter SQL Injection
The remote host appears to be running 2BGal, a photo gallery software written in PHP. There is a flaw in the 'disp_album.php' script which fails to sanitize input to the 'id_album' field. This may allow anyone to inject arbitrary SQL commands. An attacker could exploit this to obtain sensitive...
[SIG^2 G-TEC] singapore Image Gallery Web Application v0.9.10 Multiple Vulnerabilities
SIG^2 Vulnerability Research Advisory singapore Image Gallery Web Application v0.9.10 Multiple Vulnerabilities by Tan Chew Keong Release Date: 16 Dec 2004 ADVISORY URL http://www.security.org.sg/vuln/singapore0910.html SUMMARY singapore http://singapore.sourceforge.net/ is yet another open source...
phpGroupWare Detection
The remote host is running PHPGroupWare, a groupware system written in PHP.
IlohaMail < 0.8.14RC1 Unspecified Vulnerability
The remote host is running at least one instance of IlohaMail version 0.8.13 or earlier. Such versions are reportedly affected by an unspecified vulnerability.
KorWeblog < 1.6.2 Multiple Vulnerabilities
The remote host is using KorWeblog, a web-based log application written in PHP. According to its banner, the installed version of KorWeblog is earlier than 1.6.2. Such versions are reportedly affected by several vulnerabilities that may allow execution of arbitrary PHP code or retriev...
PHP-Kit <= 1.6.1 RC2 Multiple Vulnerabilities
The remote host is running PHP-Kit, an open source content management system written in PHP. The remote version of this software is vulnerable to multiple remote and local code execution, SQL injection and cross-site scripting flaws.
phpScheduleIt < 1.0.1 Reservation.class.php Arbitrary Reservation Modification
According to its banner, the version of phpScheduleIt on the remote host is earlier than 1.0.1. Such versions are reportedly vulnerable to an undisclosed issue that may allow an attacker to modify or delete reservations.
webcalendar.txt
Multiple Vulnerabilities in WebCalendar Author: Jose Antonio Coret Joxean Koret Date: 2004 Location: Basque Country...
Multiple Vulnerabilities in WebCalendar
Multiple Vulnerabilities in WebCalendar Author: Jose Antonio Coret Joxean Koret Date: 2004 Location: Basque Country...
mp-ldu.txt
Multiple SQL-injections in Land Down Under v701 Date: 30.10.04 Application: Land Down Under v701 Platform: PHP Severity: Medium Link: http://www.neocrome.net Vendor Status Vulnerabilities have been fixed. Details An input validation vulnerability was reported in Land Down Under v701. A remote use...
Horde Software Detection
The remote host is running Horde, a PHP-based application framework from The Horde Project. This script was written by George A. Theall. See the Nessus Scripts License for details.
WowBB <= 1.61 Multiple Vulnerabilities
The remote host is running WowBB, a web-based forum written in PHP. According to its version, the remote installation of WowBB is 1.61 or older. Such versions are vulnerable to cross-site scripting and SQL injection attacks. A malicious user can steal users' cookies, including authentication...
Coppermine Photo Gallery Detection
This plugin determines if Coppermine Photo Gallery is installed on the remote web server and extracts version numbers and locations of any instances found. Coppermine is an open source, web-based picture gallery application written in PHP.
Horde IMP HTML MIME Viewer Multiple XSS
The target is running at least one instance of IMP whose version number is between 3.0 and 3.2.5 inclusive. Such versions are vulnerable to several cross-site scripting attacks when viewing HTML messages with the HTML MIME viewer and certain browsers. Nessus has determined the vulnerability exist...
HastyMail HTML Attachment Script Execution
The remote host is running HastyMail, a PHP-based mail client application. The installed version contains a flaw caused by email attachments not being properly defined in the Content-Disposition HTTP header. An attacker could exploit this flaw to inject Javascript or ActiveX code in an attachment...
Mantis < 0.18.1 Multiple Unspecified XSS
According to its banner, the remote version of Mantis contains a flaw in the handling of some types of input. Because of this, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected website.
Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities
According to its banner, the remote version of Mantis contains multiple flaws that may allow an attacker to use it to perform a mass emailing, to inject HTML tags in the remote pages, or to execute arbitrary commands on the remote host if PHP's 'register_globals' setting is enabled.
Gallery < 2.2.4 Multiple Vulnerabilities