1408 matches found
TeeKai Tracking Online XSS
The remote host runs Teekai Tracking Online, a PHP script used for tracking the number of users on a Web site. This version is vulnerable to cross-site scripting attacks. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity. OpenVAS...
osTicket Backdoored
There is a vulnerability in the current version of osTicket that allows an attacker to upload a PHP script, and then access it causing it to execute. This attack is being actively exploited by attackers to take over servers. This script tries to detect infected servers. OpenVAS Vulnerability Tes...
Remote Code Execution in ezContents
ezContents has been found to contain a vulnerability that would allow a remote attacker to cause the PHP script to include an external PHP file and execute its content. SPDX-FileCopyrightText: 2004 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and are Copyright...
artmedic_links5 File Inclusion Vulnerability
Artmedic Links, a links generating PHP script, has been found to contain an external file inclusion vulnerability. SPDX-FileCopyrightText: 2004 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...
CuteNews XSS
The remote web server contains a PHP script that is prone to cross-site scripting attacks. Description : According to its banner, the version of CuteNews on the remote host fails to sanitize input to the 'archive' parameter of the 'showarchives.php' script. An attacker, exploiting this flaw, wou...
TeeKai Tracking Online XSS
The remote host runs Teekai Tracking Online, a PHP script used for tracking the number of user SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...
Mandrake Linux Security Advisory : apache2 (MDKSA-2005:161)
A flaw was discovered in mod_ssl's handling of the 'SSLVerifyClient' directive. This flaw occurs if a virtual host is configured using 'SSLVerifyClient optional' and a directive 'SSLVerifyClient required' is set for a specific location. For servers configured in this fashion, an attacker may be ab...
Digital Scribe login.php SQL Injection
The remote web server hosts Digital Scribe, a student-teacher set of scripts written in PHP. The version of Digital Scribe installed on the remote host is prone to a SQL injection attack through the 'login.php' script. A malicious user may be able to exploit this issue to manipulate database...
ATutor Password Reminder SQL Injection
The remote host is running ATutor, an open source, web-based, Learning Content Management System (LCMS) designed with accessibility and adaptability in mind. The remote version of this software contains an input validation flaw in the 'passwordreminder.php' script. This vulnerability occurs only wh...
vBulletin <= 3.0.9 Multiple Vulnerabilities
The version of vBulletin installed on the remote host fails to properly sanitize user-supplied input to a number of parameters and scripts before using it in database queries and to generate dynamic HTML. An attacker can exploit these issues to launch SQL injection and cross-site scripting attack...
punBB < 1.2.7 Multiple SQL Injection Vulnerabilities
Binary data 3220.prm...
CVE-2005-2817
Simple Machines Forum SMF 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server...
GLSA-200508-20 : phpGroupWare: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200508-20 phpGroupWare: Multiple vulnerabilities phpGroupWare improperly validates the 'mid' parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disable...
phpWebSite: Arbitrary command execution through XML-RPC and SQL injection
Background phpWebSite is a web site content management system. Description phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, "matrixkiller" reported that phpWebSite is vulnerable to an SQL injection attack. Impact A...
GLSA-200508-14 : TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC
The remote host is affected by the vulnerability described in GLSA-200508-14 TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC The XML-RPC library shipped in TikiWiki and eGroupWare improperly handles XML-RPC requests and responses with malformed nested tags. Impact : A remote...
PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability
Background The PEAR XML-RPC and phpxmlrpc libraries are both PHP implementations of the XML-RPC protocol. Description Stefan Esser of the Hardened-PHP Project discovered that the PEAR XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC requests and responses with malformed nested tags...
Zorum 3.5 remote code execution poc exploit
Zorum 3.5 remote code execution poc exploit software: description: Zorum is a freely available, open source Web-based forum application implemented in PHP. It is available for UNIX, Linux, and any other platform that supports PHP script execution. author site: http://zorum.phpoutsourcing.com/ 1...
[EXPL] ezUpload path Parameter Command Execution (Exploit)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
[SA16398] PHP Designer 2005 NULL Character File Display Weakness
Are you interested in a new job in IT security? Secunia has two open positions for a Junior and a Senior Specialist in IT security: http://secunia.com/secuniavacancies/...
SysCP < 1.2.11 Multiple Script Command Execution Vulnerabilities
The remote host is running SysCP, an open source control panel written in PHP. The version of SysCP installed on the remote host uses user-supplied input to several variables in various scripts without sanitizing it. Provided PHP's 'register_globals' setting is enabled, an attacker can exploit the...