7194 matches found
EV0003.txt
New eVuln Advisory: oaBoard PHP Code Execution --------------------Summary---------------- Software: oaBoard Versions: 1.0 Critical Level: Dangerous Type: PHP Code Execution Class: Remote Status: Unpatched Exploit: Available Solution: Not Available Discovered by: Aliaksandr Hartsuyeu [email protected]...
[eVuln] oaBoard PHP Code Execution
New eVuln Advisory: oaBoard PHP Code Execution --------------------Summary---------------- Software: oaBoard Versions: 1.0 Critical Level: Dangerous Type: PHP Code Execution Class: Remote Status: Unpatched Exploit: Available Solution: Not Available Discovered by: Aliaksandr Hartsuyeu [email protected]...
cijfer-cnxpl.pl.txt
!/usr/bin/perl cijfer-cnxpl - CuteNews All rights reserved. 1. example cijfer@kalma:/research$ ./cijfer-cnxpl.pl -h www.xxxx.org -d /news [email protected] /$ id;uname -a uid=48apache gid=48apache groups=48apache,29000webserving context=root:systemr:httpdsysscriptt Linux server.xxxx.org...
[SA18268] phpBook "email" PHP Code Injection Vulnerability
TITLE: phpBook "email" PHP Code Injection Vulnerability SECUNIA ADVISORY ID: SA18268 VERIFY ADVISORY: http://secunia.com/advisories/18268/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: phpBook 1.x http://secunia.com/product/6719/ DESCRIPTION: Aliaksandr Hartsuyeu ha...
CuteNews 1.4.1 - categories.mdu Remote Command Execution
CuteNews 1.4.1 - categories.mdu Remote Command Execution !/usr/bin/perl cijfer-cnxpl - CuteNews All rights reserved. 1. example cijfer@kalma:/research$ ./cijfer-cnxpl.pl -h www.xxxx.org -d /news [email protected] /$ id;uname -a uid=48apache gid=48apache groups=48apache,29000webserving...
PHPBook 1.x - Mail Field PHP Code Injection
PHPBook 1.x - Mail Field PHP Code Injection source: https://www.securityfocus.com/bid/16106/info phpBook is prone to a vulnerability that may let remote attackers inject arbitrary PHP code into the application. This code may then be executed by visiting pages that include the injected code. E-mai...
OABoard 1.0 Forum - Remote File Inclusion
source: https://www.securityfocus.com/bid/16105/info The oaBoard application is prone to a remote file-include vulnerability. As a result, remote users may specify external PHP scripts to be included by the application. This could result in the execution of arbitrary PHP code in the context of th...
CVE-2005-4558
IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include...
CVE-2005-4558
CVE-2005-4558 affects IceWarp Web Mail 5.5.1 (used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). The issue arises in mail/index.html where the language parameter lang_settings is not properly restricted before storage in the database, allowing remote authenticated users to ...
CVE-2005-4558
IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include...
IceWarp Universal WebMail - mailinclude.html Crafted HTTP_USER_AGENT Arbitrary File Access
IceWarp Universal WebMail - mailinclude.html Crafted HTTPUSERAGENT Arbitrary File Access source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp...
IceWarp Universal WebMail - adminincinclude.php Multiple Remote File Inclusions
IceWarp Universal WebMail - adminincinclude.php Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal...
IceWarp Universal WebMail - dirinclude.html?lang Local File Inclusion
IceWarp Universal WebMail - dirinclude.html?lang Local File Inclusion source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into...
IceWarp Universal WebMail - mailsettings.html?Language Local File Inclusion
IceWarp Universal WebMail - mailsettings.html?Language Local File Inclusion source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMai...
IceWarp Universal WebMail - '/accounts/inc/include.php' Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites. An attacker can exploit these issues to include arbitra...
Tolva 0.1 - 'Usermods.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/16000/info Tolva is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may help the attacker...
Tolva 0.1 - Usermods.php Remote File Inclusion
Tolva 0.1 - Usermods.php Remote File Inclusion source: https://www.securityfocus.com/bid/16000/info Tolva is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the...
CVE-2005-4424
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. dot dot in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00...
Plogger Beta 2 - Remote File Inclusion
source: https://www.securityfocus.com/bid/15992/info Plogger is prone to a remote file include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the Web server process. This may facilitate a...
Plogger Beta 2 - Remote File Inclusion
Plogger Beta 2 - Remote File Inclusion source: https://www.securityfocus.com/bid/15992/info Plogger is prone to a remote file include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the Web server...