864 matches found
PT-2005-2067 · Phpbb · Phpbb
Name of the Vulnerable Software and Affected Versions: phpBB versions 2.0.x Description: The issue concerns a file upload script, specifically the mod for phpBB, which fails to properly restrict the types of files that can be uploaded. This allows remote authenticated users to execute arbitrary...
CVE-2005-0869
phpSysInfo 2.3 is affected by CVE-2005-0869. The issue enables remote attackers to obtain sensitive information by requesting specific PHP files (class.OpenBSD.inc.php, class.NetBSD.inc.php, class.FreeBSD.inc.php, class.Darwin.inc.php, XPath.class.php, system_header.php, system_footer.php), which...
PT-2005-1857 · Ciamos +2 · Ciamos +2
Name of the Vulnerable Software and Affected Versions: RUNCMS version 1.1A CIAMOS version 0.9.2 RC1 e-Xoops version 1.05 Rev3 Description: The issue allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter. This can be used to read sensitive information...
CVE-2005-0790
phpAdsNew 2.0.4 allows remote attackers to obtain sensitive information via a direct request to 1 lib-xmlrpcs.inc.php, 2 maintenance-activation.php, 3 maintenance-cleantables.php, 4 maintenance-autotargeting.php, 5 maintenance-reports.php, 6 phpads.php, 7 remotehtmlview.php, 8 click.php, 9...
CVE-2005-0780
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to 1 auth.php, 2 login.php, 3 category.php, 4 file.php, 5 team.php, 6 license.php, 7 custom.php, 8 admins.php, or 9 backupdb.php, which reveal the path in a PHP error message...
Ciamos 0.9.2 - Highlight.php File Disclosure
Ciamos 0.9.2 - Highlight.php File Disclosure source: https://www.securityfocus.com/bid/12854/info Ciamos is reported prone to a file disclosure vulnerability. The full scope of this vulnerability is not currently known, however, it is demonstrated that this issue may be leveraged to disclose the...
CVE-2005-0724
CVE-2005-0724 affects paFileDB versions 3.1 and earlier. Affected component: PHP application paFileDB; root cause is that an invalid str parameter to pafiledb.php or direct requests to viewall.php, stats.php, search.php, rate.php, main.php, license.php, category.php, download.php, file.php, email...
CVE-2005-0606
Cross-site scripting XSS vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the 1 catid, 2 PHPSESSID, 3 viewdoc, 4 product, 5 session, 6 catname, 7 search, or 8 page parameters...
CVE-2004-1581
CVE-2004-1581 affects BlackBoard 1.5.1. A remote attacker can request (1) checkdb.inc.php, (2) admin.inc.php, or (3) cp.inc.php and trigger a PHP error that reveals the install path, enabling information disclosure. No fixes or mitigations are described in the provided documents. Impacts are limi...
CVE-2004-1571
AJ-Fork 167 allows remote attackers to gain sensitive information via a direct request to 1 auto-acronyms.php, 2 auto-archive.php, 3 ount-article-views.php, 4 kses.php, 5 custom-quick-tags.php, 6 disable-all-comments.php, 7 easy-date-format.php, 8 enable-disable-comments.php, 9...
CVE-2004-1506
Multiple cross-site scripting XSS vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via 1 viewentry.php, 2 viewd.php, 3 usersel.php, 4 datesel.php, 5 trailer.php, or 6 styles.php, as demonstrated using img srg tags...
[PersianHacker.NET 200505-07] paFAQ Beta4 Sql Injection
PersianHacker.NET 200505-07 paFAQ Beta4 Sql Injection Date: 2005 February Bug Number: 07 paFAQ is a feature rich FAQ/Knowledge base system allowing webmasters to keep an organized database of Frequently Asked Questions. paFAQ also makes a great Knowledge Database for problems and solutions relate...
CVE-2004-1448
CVE-2004-1448 affects Jetbox One 2.0.8 (and possibly other versions). The issue is an unrestricted remote file upload in the IMAGES module that allows users with Author privileges to upload PHP files, leading to arbitrary code execution on the server. The public records describe the vulnerability...
CVE-2005-0272
The provided documents confirm a vulnerability in ReviewPost (PHP Pro) prior to version 2.84. The flaw allows remote attackers to upload and execute arbitrary PHP files by submitting a review file with multiple extensions, bypassing the product’s restrictions. This results in remote code executio...
BASE < 1.4.3 XSS
Binary data 5033.prm...
CVE-2004-1721
The 1 function.php or 2 function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000...
CVE-2004-0660
CuteNews 1.3.1 is affected by a cross-site scripting (XSS) vulnerability in show_archives.php and show_news.php (and possibly other PHP files), allowing remote attackers to inject arbitrary script via the id parameter. This aligns with OpenVAS entries labeling it as a CuteNews XSS vulnerability a...
Mail Manage EX 3.1.8 MMEX - Settings PHP Remote File Inclusion
Mail Manage EX 3.1.8 MMEX - Settings PHP Remote File Inclusion source: https://www.securityfocus.com/bid/10457/info Mail Manage EX is reportedly prone to a remote file include vulnerability. This vulnerability results from insufficient sanitization of user-supplied data and may allow remote...
Mail Manage EX 3.1.8 MMEX - 'Settings' PHP Remote File Inclusion
source: https://www.securityfocus.com/bid/10457/info Mail Manage EX is reportedly prone to a remote file include vulnerability. This vulnerability results from insufficient sanitization of user-supplied data and may allow remote attackers to include arbitrary PHP files located on remote servers...
include() vuln in EasyDynamicPages v.2.0
Producr:EasyDynamicPages v.2.0: Advanced Portal Management System Vendors:http://software.stoitsov.com Bug :include Risk:Cao Author:tsbeginnervnc Web : www.security.com.vn ------------------------------------- Introduction : system, personal or business site or what you need. The goal is to have ...