853 matches found
CVE-2006-1162
CVE-2006-1162: A directory traversal in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. in the op parameter, demonstrated by inserting malicious Email parameters into list.gtdat and accessing it with op. Root cause is improper path handling enabl...
Code injection
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files...
CVE-2006-0814
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files...
CVE-2005-4463
WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path ...
CVE-2005-4449
verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, th...
CVE-2005-4319
Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via ".." sequences in the option parameter...
CVE-2005-4227
Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5memberid, year, agid, day, days, hour, minute,...
CVE-2005-4034
Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) pg, and (3) sortb parameters to (a) index.php; (4) cid parameter to (b) gift.php and (c) fq.php; and (5) cat parameter to (d) articles.php...
CVE-2005-3824
The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action...
CVE-2002-2200
Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variable in (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4) newtopic.php...
CVE-2005-3133
Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allow remote attackers to (1) delete arbitrary files or directories via a relative path to the id parameter to logout.html or (2) include arbitrary PHP files or other...
CVE-2005-2998
PHP Advanced Transfer Manager 1.30 has a default password for the administrator user, which allows remote attackers to upload and execute arbitrary PHP files...
phpAdsNew / phpPgAds < 2.0.6 Multiple Vulnerabilities
The remote host is running phpAdsNew / phpPgAds, an open source banner ad server. The version of phpAdsNew / phpPgAds installed on the remote host suffers from several flaws. Remote PHP Code Injection Vulnerability: the XML-RPC library bundled with the application allows an attacker to inject...
SaveWebPortal 3.4 - Multiple Directory Traversal Vulnerabilities
source: https://www.securityfocus.com/bid/14643/info SaveWebPortal is prone to multiple directory traversal vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Exploitation of this vulnerability could lead to a loss of confidentiality an...
CVE-2005-2652
CVE-2005-2652 affects Zorum 3.5. The vulnerability permits remote attackers to obtain the full installation path by directly requesting any of these pages: gorum/notification.php, user.php, attach.php, blacklist.php, zorum/forum.php, globalstat.php, gorum/trace.php, gorum/badwords.php, or gorum/f...
CVE-2005-2473
Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8)...
CVE-2005-2436
CVE-2005-2436 affects Website Baker Project. Affected functionality: browse.php allows remote disclosure of sensitive data. Root cause: error messages reveal the filesystem path when accessing (1) a non-existent dir parameter value or (2) direct requests to certain PHP files. Impact: partial conf...
CVE-2004-2255
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename...