Netref 4.2 - 'Cat_for_gen.php' Remote PHP Script Injection
source: https://www.securityfocus.com/bid/13275/info A remote PHP script injection vulnerability affects Netref. This issue is due to a failure of the application to sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary PHP script code in the context of an affected...
Netref 4.2 - Cat_for_gen.php Remote PHP Script Injection
Netref 4.2 - Cat_for_gen.php Remote PHP Script Injection source: https://www.securityfocus.com/bid/13275/info A remote PHP script injection vulnerability affects Netref. This issue is due to a failure of the application to sanitize user-supplied data. An attacker may leverage this issue to execute...
Invision Power Board index.php Members Action st Parameter SQL Injection
A version of Invision Power Board installed on the remote host suffers from a SQL injection vulnerability due to its failure to sanitize user input via the 'st' parameter to the 'index.php' script. An attacker can take advantage of this flaw to inject arbitrary SQL statements into Invision Power...
CVE-2005-0478
Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP request with a long User-Agent header or (2) a long argument to an arbitrary PHP script...
MagicScripts E-Store Kit-2 PayPal Edition - Remote File Inclusion
MagicScripts E-Store Kit-2 PayPal Edition - Remote File Inclusion source: https://www.securityfocus.com/bid/12910/info MagicScripts E-Store Kit-2 PayPal Edition is prone to a remote file include vulnerability. Remote attackers could potentially exploit this issue to include a remote malicious PHP...
MagicScripts E-Store Kit-2 PayPal Edition - Remote File Inclusion
source: https://www.securityfocus.com/bid/12910/info MagicScripts E-Store Kit-2 PayPal Edition is prone to a remote file include vulnerability. Remote attackers could potentially exploit this issue to include a remote malicious PHP script. If the attacker is able to execute the remote script it...
phpSysInfo23.txt
phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11. Author: Maksymilian Arciemowicz cXIb8O3. Date: 22.3.2005, from SECURITYREASON.COM TEAM. 0. Description: PHPSysInfo 2.3 is a customizable PHP Script that parses /proc, and formats information...
Invision Power Board HTTP POST Request IFRAME Tag XSS
The version of Invision Power Board installed on the remote host does not properly sanitize HTML tags, which enables a remote attacker to inject a malicious IFRAME when posting a message to one of the hosted forums. This could cause arbitrary HTML and script code to be executed in the context of...
[SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11
phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11. Author: Maksymilian Arciemowicz cXIb8O3. Date: 22.3.2005, from SECURITYREASON.COM TEAM. 0. Description: PHPSysInfo 2.3 is a customizable PHP Script that parses /proc, and formats information...
TRG News 3.0 Script - Remote File Inclusion
TRG News 3.0 Script - Remote File Inclusion source: https://www.securityfocus.com/bid/12855/info A remote file include vulnerability affects TRG News. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality...
stadtaus16.txt
Name: Stadtaus Voting Script; Release: 1.6; Homepage: http://www.stadtaus.com/phpscripts/votingscript/; Attack: Remote file inclusion; Risk: High; Date: 8 March 2005; Author: Nextime...
VoteBox 2.0 - Votebox.php Remote File Inclusion
VoteBox 2.0 - Votebox.php Remote File Inclusion source: https://www.securityfocus.com/bid/12806/info It is reported that VoteBox is affected by a remote PHP file include vulnerability. This issue is due in part to the application failing to properly sanitize user-supplied input to the 'votebox.ph...
CVE-2005-0743
The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered...
UBB.threads editpost.php Number Parameter SQL Injection
According to its banner, the remote host is running a version of UBB.threads that fails to sufficiently sanitize the 'Number' parameter before using it in SQL queries in the 'editpost.php' script. As a result, a remote attacker can pass malicious input to database queries, potentially resulting i...
Stadtaus PHP Form Mail formmail.inc.php Remote File Inclusion
There is a version of Form Mail Script, a PHP script by Ralf Stadtaus, installed on the remote host that suffers from a remote file include vulnerability involving the 'scriptroot' parameter of the 'inc/formmail.inc.php' script. By leveraging this flaw, an attacker may be able to view arbitrary...
AuraCMS.txt
Vulnerabilities in Aura CMS. Author: y3dips; Date: January, 25th 2005; Location: Indonesia, Jakarta; Web: http://echo.or.id/adv/adv011-y3dips-2005.tx...
CuteNews Detection
The remote host is running CuteNews, a news management script written in PHP that uses flat files for storage.
[SIG^2 G-TEC] RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure Vulnerabilities
SIG^2 Vulnerability Research Advisory: RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure Vulnerabilities, by Tan Chew Keong. Release Date: 01 Mar 2005. Advisory URL: http://www.security.org.sg/vuln/raidenhttpd1132.html. Summary: RaidenHTTPD Server (http://www.raidenhttpd.com/en/index.html) is a...
PBLang BBS <= 4.65 Multiple Vulnerabilities
According to its banner, the remote host is running a version of PBLang BBS, a bulletin board system written in PHP, that suffers from the following vulnerabilities: - HTML Injection Vulnerability in pmpshow.php. An attacker can inject arbitrary HTML and script into the body of PMs sent to users...
PANews 2.0 - PHP Remote Code Execution
PANews 2.0 - PHP Remote Code Execution source: https://www.securityfocus.com/bid/12611/info PaNews is reported prone to a remote PHP script code execution vulnerability. It is reported that PHP script code may be injected into the PaNews software through the 'showcopy' parameter of the...