853 matches found
CVE-2006-5027
CVE-2006-5027 affects JevonCMS (possibly pre-alpha). An attacker can remotely obtain sensitive information by directly requesting specific PHP include files (php/main/phplib files: db_msql.inc, db_mssql.inc, db_mysql.inc, db_oci8.inc, db_odbc.inc, db_oracle.inc, db_pgsql.inc, and db_sybase.inc). ...
PT-2006-5603 · Hitweb · Hitweb
Name of the Vulnerable Software and Affected Versions: Hitweb versions 3.0 Description: The issue concerns remote file inclusion vulnerabilities in Hitweb 3.0, allowing remote attackers to execute arbitrary PHP code. This is achieved by providing a URL in the REP CLASS parameter to various PHP...
CVE-2006-4743
CVE-2006-4743 affects WordPress 2.0.2 through 2.0.5, allowing remote attackers to obtain sensitive information by requesting specific PHP files (e.g., 404.php, akismet.php, archive.php, etc.), which causes error messages that reveal internal paths. The connected documents corroborate the list of ...
PT-2006-5352 · Yacs · Yacs Cms
Name of the Vulnerable Software and Affected Versions: YACS CMS version 6.6.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the contextpath to root parameter in several PHP files, including "articles/populate.php", "categories/category.php",...
Tons of SQL-injections and XSS in Eichhorn Portal and vendor page
Hi list. There are lots of SQL injections and XSS in the 'Eichhorn Portal' by 'Guder und Koch Netzwerktechnik' and their own website. Input passed to multiple parameters in different PHP-files isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary...
Chaussette 080706 - _BASE Remote File Inclusion
Chaussette 080706 - _BASE Remote File Inclusion Chaussette Remote File Inclusion CreW: ToXiC Bug Found By Drago84 Source Code: http://freshmeat.net/redir/chaussette/64502/urlzip/chaussette.zip Page Affect /Classes/Evenement.php /Classes/Event.php /Classes/Eventformonth.php...
CVE-2006-3884
Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) linkid parameter in a deadlink action. NOTE: this issue can also be used...
PT-2006-4402 · Bosclassifieds · Bosclassifieds Classified Ads
Name of the Vulnerable Software and Affected Versions: BosClassifieds Classified Ads affected versions not specified Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the insPath parameter to various PHP files, including "index.php", "recent.php",...
free QBoard v1.1 Multiple Remote File include
free QBoard v1.1 Multiple Remote File include ------------------------------------------------- Discovered By CrAshoVeRrIdE Arabian Security Team ------------------------------------------------- site of script:http://sourceforge.net/projects/freeqboard/...
APBoardSQL.txt
APBoard 2.2-r3 = SQL Injections - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Discovered by: 666 SR-Crew Homepage: www.SR-Crew.de.tt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Vendor: APBoard from APP Homepage: www.php-programs.de - - - - - - - - - - - - - - - - - -...
CVE-2006-2660
Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the...
Remote file inclusion
PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the includeprefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is...
[MajorSecurity #9]HostAdmin <= 3.1 - Remote File Include Vulnerability
[MajorSecurity #9]HostAdmin <= 3.1 - Remote File Include Vulnerability ------------------------------------------------------------------------- Software: HostAdmin Version: <=3.1 Type: Remote File Include Vulnerability Date: June, 3rd 2006 Vendor: dreamcost Page: http://dreamcost.com Risk: High...
Sql injection
SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) newsdetail.php, (c) emailstory.php, (d) thankyou.php, (e) printableview.php, (f) tellafriend.php, and (g) sendcomments.php. NOTE:...
Directory traversal
Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal...
CVE-2006-2672
Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) indexother.php, or (c) requestinfo.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or...
[Full-disclosure] Multiple XSS Vulnerabilities in Tikiwiki 1.9.x
Multiple XSS Vulnerabilities in Tikiwiki 1.9.x Discovered by Blwood http://www.blwood.net http://www.blwood.net/ Public ------------- Tiki-lastchanges http://www.site.com/ http://www.site.com http://127.0.0.1/tikiwiki1.9.3.1/tikiwiki-1.9.3.1/tiki-lastchanges.php?...
Pre News Manager v1.0
Pre News Manager v1.0 Homepage: http://www.preprojects.com/news.asp Description: Affected files: index.php newsdetail.php emailstory.php thankyou.php printableview.php tellafriend.php sendcomments.php Exploits & Vulns: XSS Vulnerabilities: By inserting IMG20"""SCRIPTalert"XSS"/SCRIPT" onto the id...
CVE-2006-2516
mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as...