Lucene search
K

2604 matches found

Positive Technologies
Positive Technologies
added 2005/06/08 12:0 a.m.6 views

PT-2005-2851 · Flatnuke · Flatnuke

Name of the Vulnerable Software and Affected Versions: FlatNuke version 2.5.3 Description: A direct code injection issue allows remote attackers to execute arbitrary PHP code by placing the code into the referer header of an HTTP request. This causes the code to be injected into referer.php, whic...

7.5CVSS7.7AI score0.03465EPSS
Exploits1References8
exploitpack
exploitpack
added 2005/03/23 12:0 a.m.31 views

Vortex Portal 2.0 - content.php?act Remote File Inclusion

Vortex Portal 2.0 - content.php?act Remote File Inclusion source: https://www.securityfocus.com/bid/12878/info Vortex Portal is reportedly affected by a remote PHP file include vulnerability. This issue is due to a failure in the application to properly sanitize user supplied input. It is...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2005/02/15 12:0 a.m.13 views

CitrusDB 0.3.6 - Arbitrary Local PHP File Inclusion

CitrusDB 0.3.6 - Arbitrary Local PHP File Inclusion source: https://www.securityfocus.com/bid/12564/info CitrusDB is reportedly affected by a vulnerability that permits the inclusion of any local PHP file. This issue is due to the application failing to properly sanitize user-supplied input. This...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2005/02/15 12:0 a.m.17 views

CitrusDB 0.3.6 - Arbitrary Local PHP File Inclusion

source: https://www.securityfocus.com/bid/12564/info CitrusDB is reportedly affected by a vulnerability that permits the inclusion of any local PHP file. This issue is due to the application failing to properly sanitize user-supplied input. This issue is reported to affect CitrusDB 0.3.6; earlier...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/02/14 12:0 a.m.28 views

GLSA-200501-39 : SquirrelMail: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200501-39 SquirrelMail: Multiple vulnerabilities SquirrelMail fails to properly sanitize certain strings when decoding specially crafted strings, which can lead to PHP file inclusion and XSS. Insufficient checking of incoming URLs...

7.5CVSS6.5AI score0.02342EPSS
Exploits0References5
Cvelist
Cvelist
added 2005/02/13 5:0 a.m.26 views

CVE-2004-1448

Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code...

7.4AI score0.01687EPSS
Exploits1References6
Gentoo Linux
Gentoo Linux
added 2005/01/28 12:0 a.m.35 views

SquirrelMail: Multiple vulnerabilities

Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP and can optionally be installed with SQL support. Description SquirrelMail fails to properly sanitize certain strings when decoding specially-crafted strings, which can lead to PHP file inclusion and XSS...

7.5CVSS7.6AI score0.02342EPSS
Exploits0
NVD
NVD
added 2004/12/31 5:0 a.m.18 views

CVE-2004-2255

Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename...

6.4CVSS6.9AI score0.01983EPSS
Exploits0References7
NVD
NVD
added 2004/12/31 5:0 a.m.17 views

CVE-2004-1448

Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code...

4.6CVSS7.4AI score0.01687EPSS
Exploits1References6
0day.today
0day.today
added 2004/12/22 12:0 a.m.79 views

e107 include() Remote Exploit

Exploit for unknown platform in category web applications ============================= e107 include Remote Exploit ============================= | | | | | | |/ \ \ /\ / / | | | | \ V V / || ||/ // Security Group. -= e107 remote sploit =- by sysbug Attack method: with this sploit u can send an...

7.1AI score
Exploits0
NVD
NVD
added 2004/12/06 5:0 a.m.13 views

CVE-2004-0613

osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory...

7.5CVSS7.5AI score0.09869EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2004/10/01 12:0 a.m.32 views

phpPOC.txt

PHP File Upload Vulnerability POC Title: Overwrite $FILE array in rfc1867 - Mime multipart/form-data File Upload Author: Stefano Di Paola Affected: Php "; if isuploadedfile$FILES'userfile''tmpname' && moveuploadedfile$FILES'userfile''tmpname', $uploadfile print "File is valid, and was successfull...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/09/17 12:0 a.m.37 views

PHP rfc1867.c $_FILES Array Crafted MIME Header Arbitrary File Upload

The remote host is running a version of PHP that is older than 4.3.9 or 5.0.2. The remote version of this software is affected by an unspecified file upload vulnerability that could allow a local attacker to upload arbitrary files to the server. This flaw can only be exploited locally...

2.1CVSS8.3AI score0.00577EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/08/30 12:0 a.m.12 views

GLSA-200406-09 : Horde-Chora: Remote code execution

The remote host is affected by the vulnerability described in GLSA-200406-09 Horde-Chora: Remote code execution A vulnerability in the diff viewer of Chora allows an attacker to inject shellcode. An attacker can exploit PHP's file upload functionality to upload a malicious binary to a vulnerable...

6.2AI score
Exploits0References2
securityvulns
securityvulns
added 2004/08/19 12:0 a.m.22 views

Vulnerabilities in Merak Webmail Server.

CRIOLABS http://www.criolabs.net - Software: Merak Webmail Server - Type: Webmail - Company: Merak Mail Server, Inc. Software Software: Merak Webmail Server Version: 5.2.7 Plataforms: All Windows platforms Web: http://www.merakmailserver.com/ Vendor Description Merak's WebMail Server is used by...

Exploits0
Gentoo Linux
Gentoo Linux
added 2004/06/15 12:0 a.m.13 views

Horde-Chora: Remote code execution

Background Chora is a PHP-based SVN/CVS repository viewer by the HORDE project. Description A vulnerability in the diff viewer of Chora allows an attacker to inject shellcode. An attacker can exploit PHP's file upload functionality to upload a malicious binary to a vulnerable server, chmod it as...

3.3AI score
Exploits0
exploitpack
exploitpack
added 2004/05/24 12:0 a.m.18 views

cPanel 5 9 - Local Privilege Escalation

cPanel 5 9 - Local Privilege Escalation source: https://www.securityfocus.com/bid/10407/info cPanel is reported prone to a privilege escalation vulnerability. It is reported that the options used by cPanel to compile Apache 1.3.29 and PHP using the modphpsuexec option are insecure. These settings...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2004/04/16 12:0 a.m.32 views

Include vulnerability in GEMITEL v 3.50

GEMITEL V 3 build 50 :: include vulnerability URL : http://www.isesam.com/ FORUM : http://www.isesam.com/forums/gemitel/threadopen.shtml Vendor has been contacted. Description : --------------- Gemitel is a free software written in php that allows to manage micro payments like allopass,...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2004/02/04 12:0 a.m.42 views

Les Commentaires (PHP) Include file

Informations : °°°°°°°°°°°°°° Website : http://www.phpscripts-fr.net Version : all Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° config/fonctions.lib.php dernierscommentaires.php admin.php ------------------------------------------------------------------ if !isset$rep $rep = './...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2004/01/26 12:0 a.m.43 views

Gallery 1.3.x/1.4 - Remote Global Variable Injection

source: https://www.securityfocus.com/bid/9490/info It has been reported that Gallery is prone to a vulnerability that may allow a remote attacker to gain unauthorized access by overwriting various values for global variables. The issue occurs due to improper simulation of the behaviour of...

7.4AI score
Exploits0
Rows per page
Query Builder