2271 matches found
NOCC 1.0 - filter_prefs.php?html_filter_select Cross-Site Scripting
NOCC 1.0 - filterprefs.php?htmlfilterselect Cross-Site Scripting source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can...
Noahs Classifieds 1.01.3 - index.php Remote File Inclusion
Noahs Classifieds 1.01.3 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/16780/info Noah's Classifieds is prone to a remote file-include vulnerability. An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the webserver process...
coppermine -- File Inclusion Vulnerabilities
Secunia reports: Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious people and by malicious users to compromise a vulnerable system. 1 Input passed to the "lang" parameter in include/init.inc.php isn't properly verified, before it is used to include files. This can...
CVE-2006-0757
Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via 1 the contactgroupid parameter in addressbook.update.php, 2 the messageid parameter in addressbook.add.php, 3 the folderid parameter in folders.update.php, and possibly...
CVE-2006-0757
CVE-2006-0757 describes multiple PHP eval-injection vulnerabilities in HiveMail 1.3 and earlier, allowing remote attackers to execute arbitrary PHP code via various parameters (e.g., contactgroupid in addressbook.update.php, messageid in addressbook.add.php, folderid in folders.update.php, and ot...
Dreamcost HostAdmin 3.0 - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/16682/info HostAdmin is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...
dotProject 2.0 - modulesadminvw_usr_roles.php?baseDir Remote File Inclusion
dotProject 2.0 - modulesadminvwusrroles.php?baseDir Remote File Inclusion source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...
dotProject 2.0 - includessession.php?baseDir Remote File Inclusion
dotProject 2.0 - includessession.php?baseDir Remote File Inclusion source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker c...
dotProject 2.0 - modulesprojectsgantt.php?dPconfig[root_dir] Remote File Inclusion
dotProject 2.0 - modulesprojectsgantt.php?dPconfigrootdir Remote File Inclusion source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. ...
dotProject 2.0 - modulestasksgantt.php?baseDir Remote File Inclusion
dotProject 2.0 - modulestasksgantt.php?baseDir Remote File Inclusion source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker...
dotProject 2.0 - '/includes/db_connect.php?baseDir' Remote File Inclusion
source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...
dotProject 2.0 - '/modules/tasks/gantt.php?baseDir' Remote File Inclusion
source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...
dotProject 2.0 - '/includes/session.php?baseDir' Remote File Inclusion
source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...
HiveMail <= 1.3 Multiple Vulnerabilities
GulfTech Security Research February 10, 2006 Vendor : HiveMail URL : http://www.hivemail.com/ Version : HiveMail = 1.3 Risk : Multiple Vulnerabilities Description: HiveMail is a powerful web-based email program that allows you to offer personal email accounts to your visitors. This makes HiveMail...
LinPHA 0.9.x1.0 - lang Local File Inclusion
LinPHA 0.9.x1.0 - lang Local File Inclusion source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'includeonce' PHP function in multiple scripts...
CVE-2006-0636
desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the SESSION variable before calling the sessionstart function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using...
FCKEditor 2.0 2.2 - FileManager connector.php Arbitrary File Upload
FCKEditor 2.0 2.2 - FileManager connector.php Arbitrary File Upload a short explaination: if a user cam call directly http://target/path/editor/filemanager/browser/default/connectors/php/connector.php he can upload malicious contempt on a target server, including arbitrary php code, and launch...
Farsinews 2.1 - Loginout.php Remote File Inclusion
Farsinews 2.1 - Loginout.php Remote File Inclusion source: https://www.securityfocus.com/bid/16440/info FarsiNews is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...
Farsinews 2.1 - 'Loginout.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/16440/info FarsiNews is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...
Design/Logic Flaw
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the dbid parameter to visitorupload.php, as demonstrated using phpinfo and include function calls...