1408 matches found

Tenable Nessus
added 2005/02/07 12:00 a.m. | 28 views

Mambo Site Server mos_change_template XSS

An attacker may use the installed version of Mambo Site Server to perform a cross-site scripting attack on this host because of its failure to sanitize input to the 'return' and 'mos_change_template' parameters of the 'index.php' script.

CVSS 4.3 | AI score 5 | EPSS 0.01548
Exploits: 1 | References: 3
Cvelist
added 2005/02/06 5:00 a.m. | 12 views

CVE-2004-1386

TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200...

AI score 7.1 | EPSS 0.012
Exploits: 0 | References: 7
CVE
added 2005/02/06 5:00 a.m. | 37 views

CVE-2004-1386

CVE-2004-1386 : TikiWiki before 1.8.4.1 fails to properly verify uploaded images, enabling remote attackers to upload and execute arbitrary PHP scripts. This is a server-side code execution risk via image upload in the Wiki edit flow. The public description notes a separate issue (CVE-2005-0200) ...

CVSS 7.5 | AI score 7.3 | EPSS 0.012
Exploits: 0 | References: 7 | Affected Software: 1
Tenable Nessus
added 2005/01/29 12:00 a.m. | 11 views

CoolForum Multiple SQL Injections

The version of CoolForum, a bulletin-board application written in PHP, installed on the remote host fails to sanitize input to several parameters to scripts in the 'admin' directory before using it in database queries. An attacker could leverage these issues to manipulate SQL queries or attack th...

AI score 5.9
Exploits: 0
securityvulns
added 2005/01/27 12:00 a.m. | 32 views

List of all admin accounts in phpBB

After discovering 'highlight' vulnerability in phpBB, many forums were patched, but... it is possible that attackers created secret admin accounts... It is very hard to find secret admin accounts if the forum has too many users... you must check every account... So, here is a simple PHP script,...

AI score 1.3
Exploits: 0
Tenable Nessus
added 2005/01/24 12:00 a.m. | 18 views

TikiWiki File Upload temp Directory Arbitrary Script Execution

The remote host is running TikiWiki, a content management system written in PHP. The remote version of this software is vulnerable to a flaw in the way TikiWiki handles uploaded files. If an attacker is able to upload a file, they can then call the script remotely via a request to the...

CVSS 7.5 | AI score 6.1 | EPSS 0.00717
Exploits: 0 | References: 1
Tenable Nessus
added 2005/01/18 12:00 a.m. | 14 views

vBulletin includes/init.php Unspecified Vulnerability

According to its banner, the remote version of vBulletin is vulnerable to an unspecified issue. It is reported that versions 3.0.0 through to 3.0.4 are prone to a security flaw in 'includes/init.php'. Successful exploitation requires that PHP's 'register_globals' setting be enabled.

AI score 5.5
Exploits: 0 | References: 1
Tenable Nessus
added 2005/01/12 12:00 a.m. | 8 views

VideoDB < 2.0.2 Multiple Vulnerabilities

The remote host is VideoDB, a web-based video database manager written in PHP. The remote version of this software is vulnerable to a SQL injection attack due to a lack of filtering on user-supplied input. An attacker may exploit this flaw to modify the remote database. This software may be...

AI score 5.4
Exploits: 0
securityvulns
added 2005/01/02 12:00 a.m. | 49 views

Jacks FormMail.php remote file access vulnerability

Security Advisory Vendor: Jack Jack's Scripts Date: 31-Dec-2004 Script: FormMail.php Site: http://dtheatre.com/scripts/formmail.php Type: Remote Severity: High Version: 5.0 maybe others Script Overview: Jacks FormMail.php script is a simple PHP script that allows web site owners to easily email...

AI score 0.6
Exploits: 0
NVD
added 2004/12/31 5:00 a.m. | 11 views

CVE-2004-1386

TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200...

CVSS 7.5 | AI score 7.2 | EPSS 0.012
Exploits: 0 | References: 7
exploitpack
added 2004/12/25 12:00 a.m. | 17 views

PHPInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion

PHPInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion !/usr/bin/perl use LWP::Simple; use IO::Socket::INET; while1 $numr = int rand9999; $caxe = "."; $caxe1 = "."; $caxe .= rand9999; $caxe1 .= rand9999; $arq = "."; $arq = int rand9999; opensites,"$arq"; print sites ""; closesites;...

AI score 0.6
Exploits: 0
Exploit DB
added 2004/12/25 12:00 a.m. | 43 views

PHPInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion

!/usr/bin/perl use LWP::Simple; use IO::Socket::INET; while1 $numr = int rand9999; $caxe = "."; $caxe1 = "."; $caxe .= rand9999; $caxe1 .= rand9999; $arq = "."; $arq = int rand9999; opensites,"$arq"; print sites ""; closesites; $procura = 'inurl:.php?=' . $numr; for$n=0;$nnewPeerAddr =...

AI score 7.4
Exploits: 0
0day.today
added 2004/12/25 12:00 a.m. | 67 views

PhpInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion

Exploit for unknown platform in category web applications. PhpInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion. !/usr/bin/perl use LWP::Simple; use...

AI score 7.1
Exploits: 0
Tenable Nessus
added 2004/12/16 12:00 a.m. | 21 views

Singapore Gallery < 0.9.11 Multiple Vulnerabilities

Singapore is a PHP-based photo gallery web application. The remote version of this software is affected by multiple vulnerabilities that may allow an attacker to read arbitrary files on the remote host or to execute arbitrary PHP commands.

CVSS 7.5 | AI score 6 | EPSS 0.00846
Exploits: 0 | References: 5
Tenable Nessus
added 2004/12/06 12:00 a.m. | 17 views

PAFileDB Multiple Script Error Message Path Disclosure

There is a flaw in the remote version of paFileDB that may let an attacker obtain the physical path of the remote installation by sending a malformed request to one of the scripts 'admins.php', 'category.php', or 'team.php'. This information may help an attacker make more focused attacks against...

AI score 5.4
Exploits: 0 | References: 1
Tenable Nessus
added 2004/11/22 12:00 a.m. | 17 views

Aztek Forum Multiple Script XSS

The remote host is using Aztek Forum, a web forum written in PHP. A vulnerability exists in the remote version of this software, more specifically in the script 'forum2.php', that may allow an attacker to set up a cross-site scripting attack using the remote host.

CVSS 4.3 | AI score 5 | EPSS 0.00823
Exploits: 1 | References: 1
seebug.org
added 2004/11/21 12:00 a.m. | 21 views

GFHost PHP GMail Remote Command Execution Exploit

No description provided by source. GFHost explo Spawn bash style Shell with webserver uid Greetz SPAX, foxtwo, Zone-H This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my @results; my $probe; my @U; $U1 =...

AI score 7.1
Exploits: 0
Exploit DB
added 2004/11/17 12:00 a.m. | 32 views

phpBB 2.0.x - 'admin_cash.php' PHP Remote File Inclusion

source: https://www.securityfocus.com/bid/11701/info A vulnerability is reported to exist in the phpBB CashMod module that may allow an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system. Remote attackers could potentially exploit this issue vi...

AI score 7.4
Exploits: 0
Exploit DB
added 2004/10/28 12:00 a.m. | 42 views

PHP 4.x/5 - cURL 'open_basedir' Restriction Bypass

source: https://www.securityfocus.com/bid/11557/info It is reported that cURL allows malicious users to bypass 'open_basedir' restrictions in PHP scripts. This issue is due to a failure of the cURL module to properly enforce PHP's 'open_basedir' restriction. Users with the ability to create or modif...

AI score 7.4
Exploits: 0
Tenable Nessus
added 2004/10/25 12:00 a.m. | 25 views

UBB.threads dosearch.php SQL injection

There is a SQL injection issue in the remote version of UBB.threads that may allow an attacker to execute arbitrary SQL statements on the remote host and potentially overwrite arbitrary files there by sending a malformed value to the 'Name' argument of the file 'dosearch.php'.

CVSS 7.5 | AI score 6.2 | EPSS 0.00329
Exploits: 1 | References: 2