
7212 matches found

securityvulns
added 2006/01/03 12:0 a.m., 63 views

[SA18268] phpBook "email" PHP Code Injection Vulnerability

TITLE: phpBook "email" PHP Code Injection Vulnerability SECUNIA ADVISORY ID: SA18268 VERIFY ADVISORY: http://secunia.com/advisories/18268/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: phpBook 1.x http://secunia.com/product/6719/ DESCRIPTION: Aliaksandr Hartsuyeu ha...

0.8 AI score
Exploits: 0

Packet Storm
added 2006/01/03 12:0 a.m., 32 views

cijfer-cnxpl.pl.txt

!/usr/bin/perl cijfer-cnxpl - CuteNews All rights reserved. 1. example cijfer@kalma:/research$ ./cijfer-cnxpl.pl -h www.xxxx.org -d /news [email protected] /$ id;uname -a uid=48apache gid=48apache groups=48apache,29000webserving context=root:systemr:httpdsysscriptt Linux server.xxxx.org...

7.4 AI score
Exploits: 0

exploitpack
added 2006/01/01 12:0 a.m., 11 views

CuteNews 1.4.1 - categories.mdu Remote Command Execution

CuteNews 1.4.1 - categories.mdu Remote Command Execution !/usr/bin/perl cijfer-cnxpl - CuteNews All rights reserved. 1. example cijfer@kalma:/research$ ./cijfer-cnxpl.pl -h www.xxxx.org -d /news [email protected] /$ id;uname -a uid=48apache gid=48apache groups=48apache,29000webserving...

0.3 AI score
Exploits: 0

exploitpack
added 2005/12/29 12:0 a.m., 33 views

PHPBook 1.x - Mail Field PHP Code Injection

PHPBook 1.x - Mail Field PHP Code Injection source: https://www.securityfocus.com/bid/16106/info phpBook is prone to a vulnerability that may let remote attackers inject arbitrary PHP code into the application. This code may then be executed by visiting pages that include the injected code. E-mai...

0.4 AI score
Exploits: 0

Exploit DB
added 2005/12/29 12:0 a.m., 28 views

OABoard 1.0 Forum - Remote File Inclusion

source: https://www.securityfocus.com/bid/16105/info The oaBoard application is prone to a remote file-include vulnerability. As a result, remote users may specify external PHP scripts to be included by the application. This could result in the execution of arbitrary PHP code in the context of th...

7.4 AI score
Exploits: 0

NVD
added 2005/12/28 11:3 a.m., 21 views

CVE-2005-4558

IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include...

6.5 CVSS, 6.3 AI score, 0.08328 EPSS
Exploits: 1, References: 10

Cvelist
added 2005/12/28 11:0 a.m., 28 views

CVE-2005-4558

IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include...

6.3 AI score, 0.08328 EPSS
Exploits: 1, References: 10

CVE
added 2005/12/28 11:0 a.m., 58 views

CVE-2005-4558

CVE-2005-4558 affects IceWarp Web Mail 5.5.1 (used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). The issue arises in mail/index.html where the language parameter lang_settings is not properly restricted before storage in the database, allowing remote authenticated users to ...

6.5 CVSS, 6.4 AI score, 0.08328 EPSS
Exploits: 1, References: 10, Affected Software: 3

exploitpack
added 2005/12/27 12:0 a.m., 14 views

IceWarp Universal WebMail - mailinclude.html Crafted HTTP_USER_AGENT Arbitrary File Access

IceWarp Universal WebMail - mailinclude.html Crafted HTTP_USER_AGENT Arbitrary File Access source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp...

0.6 AI score
Exploits: 0

exploitpack
added 2005/12/27 12:0 a.m., 9 views

IceWarp Universal WebMail - dirinclude.html?lang Local File Inclusion

IceWarp Universal WebMail - dirinclude.html?lang Local File Inclusion source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into...

Exploits: 0

exploitpack
added 2005/12/27 12:0 a.m., 13 views

IceWarp Universal WebMail - adminincinclude.php Multiple Remote File Inclusions

IceWarp Universal WebMail - adminincinclude.php Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal...

0.2 AI score
Exploits: 0

exploitpack
added 2005/12/27 12:0 a.m., 13 views

IceWarp Universal WebMail - mailsettings.html?Language Local File Inclusion

IceWarp Universal WebMail - mailsettings.html?Language Local File Inclusion source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMai...

0.1 AI score
Exploits: 0

Exploit DB
added 2005/12/27 12:0 a.m., 25 views

IceWarp Universal WebMail - '/accounts/inc/include.php' Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites. An attacker can exploit these issues to include arbitra...

7.4 AI score
Exploits: 0

exploitpack
added 2005/12/21 12:0 a.m., 11 views

Tolva 0.1 - Usermods.php Remote File Inclusion

Tolva 0.1 - Usermods.php Remote File Inclusion source: https://www.securityfocus.com/bid/16000/info Tolva is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the...

7.5 AI score
Exploits: 0

Exploit DB
added 2005/12/21 12:0 a.m., 24 views

Tolva 0.1 - 'Usermods.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/16000/info Tolva is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may help the attacker...

7 AI score
Exploits: 0

Cvelist
added 2005/12/20 11:0 a.m., 18 views

CVE-2005-4424

Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00...

7.2 AI score, 0.01724 EPSS
Exploits: 0, References: 7

exploitpack
added 2005/12/20 12:0 a.m., 14 views

Plogger Beta 2 - Remote File Inclusion

Plogger Beta 2 - Remote File Inclusion source: https://www.securityfocus.com/bid/15992/info Plogger is prone to a remote file include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the Web server...

0.2 AI score
Exploits: 0

Exploit DB
added 2005/12/20 12:0 a.m., 26 views

Plogger Beta 2 - Remote File Inclusion

source: https://www.securityfocus.com/bid/15992/info Plogger is prone to a remote file include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the Web server process. This may facilitate a...

7.4 AI score
Exploits: 0

exploitpack
added 2005/12/13 12:0 a.m., 224 views

PHPCOIN 1.2.2 - includesdb.php?$_CCFG[_PKG_PATH_DBSE] Traversal Arbitrary File Access

PHPCOIN 1.2.2 - includesdb.php?$_CCFG[_PKG_PATH_DBSE] Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/15831/info PhpCOIN is prone to a file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploi...

0.3 AI score
Exploits: 0

Cvelist
added 2005/12/11 9:0 p.m., 15 views

CVE-2005-4171

The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP...

7.6 AI score, 0.07896 EPSS
Exploits: 1, References: 7