Claroline 1.7.6 - includePath Remote Code Execution
Claroline 1.7.6 - includePath Remote Code Execution #!/usr/bin/php -q -d short_open_tag=on <? echo "Claroline <= 1.7.6 \"includePath\" remote cmmnds xctn\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: \"Powered by Claroline\" -demo\r\n\r\n";...
Claroline <= 1.7.6 (includePath) Remote Code Execution Exploit
Exploit for unknown platform in category web applications ============================================================== Claroline <= 1.7.6 (includePath) Remote Code Execution Exploit ============================================================== #!/usr/bin/php -q -d short_open_tag=on <? echo "Claroline...
e107 email.php Arbitrary Mail Relay
The version of e107 installed on the remote host contains a script, 'email.php', that allows an unauthenticated user to send email messages to arbitrary users and to control, to a large degree, the content of those messages. This issue can be exploited to send spam or other types of abuse through...
topsitesXSS.txt
Xtremescripts Topsites v1.1 Homepage: http://www.xtremescripts.com/topsites.php Description: Xtreme Topsites is a popular topsite PHP script for websites. Most commonly used across anime websites at the moment. The topsite will count hits/clicks in and hits out and will rank them on total hits so...
CVE-2006-2498
Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the posticon variable in classes/post/classpost.php and (2) the df value in actionpublic/moderate.php...
Code injection
Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the posticon variable in classes/post/classpost.php and (2) the df value in actionpublic/moderate.php...
[Full-disclosure] [Info Disclosure] Diesel PHP Job Site Latest Version
Subject: Info Disclosure Diesel PHP Job Site Latest Version Severity: Pretty Bad Title: Diesel PHP Job Site Latest Version Information Disclosure Home Page: http://www.dieselscripts.com/ Product Page: http://www.dieselscripts.com/diesel-job-site.html Date: May 17, 2006 Synopsis: ========= When an...
PHP Script Tools PSY Auction - item.php?id SQL Injection
PHP Script Tools PSY Auction - item.php?id SQL Injection source: https://www.securityfocus.com/bid/17974/info PSY Auction is prone to multiple input-validation vulnerabilities. The issues include HTML-injection and SQL-injection vulnerabilities. These issues are due to a failure in the applicatio...
Coppermine Photo Gallery index.php file Parameter Local File Inclusion
The version of Coppermine Gallery installed on the remote host fails to properly sanitize input to the 'file' parameter of the 'index.php' script before using it in a PHP 'include_once' function. Regardless of PHP's 'register_globals' setting, an unauthenticated attacker may be able to exploit this...
[eVuln] QLnews XSS and PHP Code Insertion Vulnerabilities
New eVuln Advisory: QLnews XSS and PHP Code Insertion Vulnerabilities http://evuln.com/vulns/113/summary.html --------------------Summary---------------- eVuln ID: EV0113 CVE: CVE-2006-1575 CVE-2006-1576 Software: QLnews Software's Web Site: http://www.vscripts.pl/ Versions: 1.2 Critical Level:...
PHP 4.x - 'tempnam() open_basedir' Restriction Bypass
source: https://www.securityfocus.com/bid/17439/info PHP is prone to multiple 'safe_mode' and 'open_basedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations. These vulnerabilities would be an...
BASE base_maintenance.php Authentication Bypass
The remote host is running BASE, a web-based tool for analyzing alerts from one or more SNORT sensors. The version of BASE installed on the remote host allows a remote attacker to bypass authentication to the 'base_maintenance.php' script and then perform selected maintenance tasks.
CVE-2006-1558
Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter...
SQL injection
SQL injection vulnerability in PHP Script Index allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1559
CVE-2006-1559 affects PHP Script Index with a SQL injection vulnerability exploitable via the search parameter. The NVD listing reports a network-exploitable issue of low complexity and no authentication, enabling remote attackers to potentially perform arbitrary SQL commands, with partial impact...
CVE-2006-1558
The CVE-2006-1558 entry concerns an XSS vulnerability in PHP Script Index, specifically in search.php. The underlying issue is a reflected/script injection via the search parameter, allowing remote attackers to inject arbitrary web script or HTML. Connected data confirm the affected component as ...
[SA19443] PHP Script Index "search" Cross-Site Scripting Vulnerability
TITLE: PHP Script Index "search" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA19443 VERIFY ADVISORY: http://secunia.com/advisories/19443/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: PHP Script Index http://secunia.com/product/9033/ DESCRIPTION:...
phpBannerExchange Template Class Local File Inclusion
The remote host is running phpBannerExchange, a banner exchange script written in PHP. The version of phpBannerExchange installed on the remote host uses a template class that fails to sanitize user-supplied input before using it in a PHP 'include' function. An unauthenticated attacker can exploi...