X10media Mp3 Search Engine <= 1.6 Remote File Disclosure Vulnerability

No description provided by source. THUNDER X10media Mp3 Search Engine v1.5.5 - 1.6 Remote File Disclosure Vulnerability Founded by : THUNDER t4hathotmail.fr Dork: "This search engine is in no way intended for illegal downloads. " File : Download.php...

X10media Mp3 Search Engine 1.6 - Remote File Disclosure

THUNDER X10media Mp3 Search Engine v1.5.5 - 1.6 Remote File Disclosure Vulnerability Founded by : THUNDER Dork: "This search engine is in no way intended for illegal downloads. " File : Download.php =========================================================================================== to rea...

CuteNews aj-fork - path Remote File Inclusion

CuteNews aj-fork - path Remote File Inclusion source: https://www.securityfocus.com/bid/32141/info CuteNews aj-fork is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file...

CuteNews aj-fork - 'path' Remote File Inclusion

source: https://www.securityfocus.com/bid/32141/info CuteNews aj-fork is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in t...

WordPress cat Parameter Directory Traversal Vulnerability

WordPress is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress";...

CVE-2008-4928

Cross-site scripting XSS vulnerability in the redirect function in functions.php in MyBB aka MyBulletinBoard 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a...

CVE-2008-4811

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ backslash before a dollar-sign character...

Code injection

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and 1 a dollar-sign character, aka "php executed in templates;" and 2 a double quoted literal string, aka a "function...

Code injection

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ backslash before a dollar-sign character...

CVE-2008-4811

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ backslash before a dollar-sign character...

CVE-2008-4810

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and 1 a dollar-sign character, aka "php executed in templates;" and 2 a double quoted literal string, aka a "function...

CVE-2008-4811

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ backslash before a dollar-sign character...

H2O-CMS 3.4 - PHP Code Injection Cookie Authentication Bypass

H2O-CMS 3.4 - PHP Code Injection Cookie Authentication Bypass source: https://www.securityfocus.com/bid/31961/info H2O-CMS is prone to a PHP code-injection vulnerability and a cookie authentication-bypass vulnerability. An attacker can exploit the PHP code-injection issue to inject and execute...

H2O-CMS 3.4 - PHP Code Injection / Cookie Authentication Bypass

source: https://www.securityfocus.com/bid/31961/info H2O-CMS is prone to a PHP code-injection vulnerability and a cookie authentication-bypass vulnerability. An attacker can exploit the PHP code-injection issue to inject and execute arbitrary malicious PHP code in the context of the webserver...

bcoos 1.0.13 - common.php Remote File Inclusion

bcoos 1.0.13 - common.php Remote File Inclusion source: https://www.securityfocus.com/bid/31929/info The 'bcoos' program is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote fil...

bcoos 1.0.13 - 'common.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/31929/info The 'bcoos' program is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it i...

WebSVN <= 2.0 (XSS/FH/CE) Multiple Remote Vulnerabilities

No description provided by source. WebSVN = 2.0 Multiple Vulnerabilities October 20, 2008 Vendor : Tim Armes URL : http://websvn.tigris.org Version : WebSVN = 2.0 Risk : Multiple Vulnerabilities Description: WebSVN is an online SVN repository viewer. The description taken from the project website...

Admbook PHP Code Injection Flaw

The remote web server contains a PHP script that allows arbitrary code injection. Description : The remote host is running AdmBook, a PHP-based guestbook. The remote version of this software is prone to remote PHP code injection due to a lack of sanitization of the HTTP header 'X-Forwarded-For'...

websvn-xssfhce.txt

WebSVN alertdocument.cookie; A url like the one above would display a JavaScript alert window containing the cookie data of any set cookies for the domain. File Handling Issues: There are some file handling issues in the RSS functionality used by WebSVN. The issue is caused by the following bit o...

myEvent Multiple Remote Vulnerabilities

myEvent is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2008 Josh Zlatin-Amishav Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...