Lucene search
K

864 matches found

Positive Technologies
Positive Technologies
added 2005/04/07 12:0 a.m.13 views

PT-2005-2067 · Phpbb · Phpbb

Name of the Vulnerable Software and Affected Versions: phpBB versions 2.0.x Description: The issue concerns a file upload script, specifically the mod for phpBB, which fails to properly restrict the types of files that can be uploaded. This allows remote authenticated users to execute arbitrary...

7.5CVSS7.4AI score0.02057EPSS
Exploits0References5
CVE
CVE
added 2005/03/26 5:0 a.m.61 views

CVE-2005-0869

phpSysInfo 2.3 is affected by CVE-2005-0869. The issue enables remote attackers to obtain sensitive information by requesting specific PHP files (class.OpenBSD.inc.php, class.NetBSD.inc.php, class.FreeBSD.inc.php, class.Darwin.inc.php, XPath.class.php, system_header.php, system_footer.php), which...

5CVSS6.1AI score0.01409EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2005/03/22 12:0 a.m.7 views

PT-2005-1857 · Ciamos +2 · Ciamos +2

Name of the Vulnerable Software and Affected Versions: RUNCMS version 1.1A CIAMOS version 0.9.2 RC1 e-Xoops version 1.05 Rev3 Description: The issue allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter. This can be used to read sensitive information...

5CVSS6.7AI score0.09176EPSS
Exploits1References13
Cvelist
Cvelist
added 2005/03/20 5:0 a.m.19 views

CVE-2005-0790

phpAdsNew 2.0.4 allows remote attackers to obtain sensitive information via a direct request to 1 lib-xmlrpcs.inc.php, 2 maintenance-activation.php, 3 maintenance-cleantables.php, 4 maintenance-autotargeting.php, 5 maintenance-reports.php, 6 phpads.php, 7 remotehtmlview.php, 8 click.php, 9...

6.2AI score0.01425EPSS
Exploits0References4
Cvelist
Cvelist
added 2005/03/20 5:0 a.m.22 views

CVE-2005-0780

paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to 1 auth.php, 2 login.php, 3 category.php, 4 file.php, 5 team.php, 6 license.php, 7 custom.php, 8 admins.php, or 9 backupdb.php, which reveal the path in a PHP error message...

6.2AI score0.05138EPSS
Exploits0References1
exploitpack
exploitpack
added 2005/03/19 12:0 a.m.10 views

Ciamos 0.9.2 - Highlight.php File Disclosure

Ciamos 0.9.2 - Highlight.php File Disclosure source: https://www.securityfocus.com/bid/12854/info Ciamos is reported prone to a file disclosure vulnerability. The full scope of this vulnerability is not currently known, however, it is demonstrated that this issue may be leveraged to disclose the...

7.4AI score
Exploits0
CVE
CVE
added 2005/03/12 5:0 a.m.53 views

CVE-2005-0724

CVE-2005-0724 affects paFileDB versions 3.1 and earlier. Affected component: PHP application paFileDB; root cause is that an invalid str parameter to pafiledb.php or direct requests to viewall.php, stats.php, search.php, rate.php, main.php, license.php, category.php, download.php, file.php, email...

5CVSS6.3AI score0.01194EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2005/03/01 5:0 a.m.16 views

CVE-2005-0606

Cross-site scripting XSS vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the 1 catid, 2 PHPSESSID, 3 viewdoc, 4 product, 5 session, 6 catname, 7 search, or 8 page parameters...

5.9AI score0.01964EPSS
Exploits1References6
CVE
CVE
added 2005/02/20 5:0 a.m.44 views

CVE-2004-1581

CVE-2004-1581 affects BlackBoard 1.5.1. A remote attacker can request (1) checkdb.inc.php, (2) admin.inc.php, or (3) cp.inc.php and trigger a PHP error that reveals the install path, enabling information disclosure. No fixes or mitigations are described in the provided documents. Impacts are limi...

5CVSS7AI score0.01181EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2005/02/20 5:0 a.m.24 views

CVE-2004-1571

AJ-Fork 167 allows remote attackers to gain sensitive information via a direct request to 1 auto-acronyms.php, 2 auto-archive.php, 3 ount-article-views.php, 4 kses.php, 5 custom-quick-tags.php, 6 disable-all-comments.php, 7 easy-date-format.php, 8 enable-disable-comments.php, 9...

6.5AI score0.0155EPSS
Exploits1References3
Cvelist
Cvelist
added 2005/02/19 5:0 a.m.20 views

CVE-2004-1506

Multiple cross-site scripting XSS vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via 1 viewentry.php, 2 viewd.php, 3 usersel.php, 4 datesel.php, 5 trailer.php, or 6 styles.php, as demonstrated using img srg tags...

5.9AI score0.01283EPSS
Exploits1References4
securityvulns
securityvulns
added 2005/02/18 12:0 a.m.42 views

[PersianHacker.NET 200505-07] paFAQ Beta4 Sql Injection

PersianHacker.NET 200505-07 paFAQ Beta4 Sql Injection Date: 2005 February Bug Number: 07 paFAQ is a feature rich FAQ/Knowledge base system allowing webmasters to keep an organized database of Frequently Asked Questions. paFAQ also makes a great Knowledge Database for problems and solutions relate...

1AI score
Exploits0
CVE
CVE
added 2005/02/13 5:0 a.m.59 views

CVE-2004-1448

CVE-2004-1448 affects Jetbox One 2.0.8 (and possibly other versions). The issue is an unrestricted remote file upload in the IMAGES module that allows users with Author privileges to upload PHP files, leading to arbitrary code execution on the server. The public records describe the vulnerability...

4.6CVSS7.5AI score0.01687EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2005/02/10 5:0 a.m.55 views

CVE-2005-0272

The provided documents confirm a vulnerability in ReviewPost (PHP Pro) prior to version 2.84. The flaw allows remote attackers to upload and execute arbitrary PHP files by submitting a review file with multiple extensions, bypassing the product’s restrictions. This results in remote code executio...

7.5CVSS7.4AI score0.02659EPSS
Exploits2References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2004/08/18 12:0 a.m.17 views

BASE < 1.4.3 XSS

Binary data 5033.prm...

7.3AI score
Exploits0References1
NVD
NVD
added 2004/08/17 4:0 a.m.17 views

CVE-2004-1721

The 1 function.php or 2 function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000...

5CVSS6.8AI score0.02351EPSS
Exploits0References7
CVE
CVE
added 2004/07/13 4:0 a.m.72 views

CVE-2004-0660

CuteNews 1.3.1 is affected by a cross-site scripting (XSS) vulnerability in show_archives.php and show_news.php (and possibly other PHP files), allowing remote attackers to inject arbitrary script via the id parameter. This aligns with OpenVAS entries labeling it as a CuteNews XSS vulnerability a...

6.8CVSS5.9AI score0.03947EPSS
Exploits0References3Affected Software1
exploitpack
exploitpack
added 2004/06/03 12:0 a.m.14 views

Mail Manage EX 3.1.8 MMEX - Settings PHP Remote File Inclusion

Mail Manage EX 3.1.8 MMEX - Settings PHP Remote File Inclusion source: https://www.securityfocus.com/bid/10457/info Mail Manage EX is reportedly prone to a remote file include vulnerability. This vulnerability results from insufficient sanitization of user-supplied data and may allow remote...

7.5AI score
Exploits0
Exploit DB
Exploit DB
added 2004/06/03 12:0 a.m.31 views

Mail Manage EX 3.1.8 MMEX - &#039;Settings&#039; PHP Remote File Inclusion

source: https://www.securityfocus.com/bid/10457/info Mail Manage EX is reportedly prone to a remote file include vulnerability. This vulnerability results from insufficient sanitization of user-supplied data and may allow remote attackers to include arbitrary PHP files located on remote servers...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2004/01/03 12:0 a.m.36 views

include&#40;&#41; vuln in EasyDynamicPages v.2.0

Producr:EasyDynamicPages v.2.0: Advanced Portal Management System Vendors:http://software.stoitsov.com Bug :include Risk:Cao Author:tsbeginnervnc Web : www.security.com.vn ------------------------------------- Introduction : system, personal or business site or what you need. The goal is to have ...

0.5AI score
Exploits0
Rows per page
Query Builder