PayPal Store Front 3.0 - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/8791/info PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an attacker-specified location. This could be exploited to include a remo...
e107 Website System 0.554 - HTML Injection
e107 Website System 0.554 - HTML Injection source: https://www.securityfocus.com/bid/8279/info The e107 content management system is prone to an HTML injection vulnerability. This issue is exposed through the class2.php script. An attacker may exploit this issue by including hostile HTML and scri...
e107 Website System 0.554 - HTML Injection
source: https://www.securityfocus.com/bid/8279/info The e107 content management system is prone to an HTML injection vulnerability. This issue is exposed through the class2.php script. An attacker may exploit this issue by including hostile HTML and script code in certain fields within the form...
WebCalendar long.php user_inc Parameter Traversal Arbitrary File Access
The remote installation of WebCalendar may allow an attacker to read arbitrary files on the remote host by supplying a filename to the 'user_inc' argument of the file 'long.php'. (C) Tenable Network Security, Inc. ...
MoreGroupWare 0.6.8 - WEBMAIL2_INC_DIR Remote File Inclusion
MoreGroupWare 0.6.8 - WEBMAIL2_INC_DIR Remote File Inclusion source: https://www.securityfocus.com/bid/8249/info moregroupware is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Remote users, under some PHP configurations, may influence a...
diginews.txt
Digi-news and Digi-ads version 1.1 admin access without password .oO Overview Oo. Digi-news and Digi-ads version 1.1 admin access without password Discovered on 2003, March, 30th Vendor: Digi-FX Digi-news 1.1 is a PHP news editor. It allows you to easily add, edit, and delete news. Digi-ad 1.1 is...
[Full-Disclosure] BlackBook - Multiple Vunerabilities
------------------------------------------------------------------ - EXPL-A-2003-015 exploitlabs.com Advisory 015 ------------------------------------------------------------------ -= BlackBook =- Donnie Werner July 11, 2003 Vunerabilitys: ---------------- 1. XSS executes JS in PHP remotely 2...
pMachine 1.0/2.x - Multiple Script 'sfx' Full Path Disclosures
source: https://www.securityfocus.com/bid/7980/info It has been reported that pMachine is prone to a remote path disclosure vulnerability when accessing various scripts. When a request is made for a target PHP script, possibly requiring a blank URI parameter, pMachine is said to throw an...
Webfroot Shoutbox 2.32 directory traversal and code injection.
Products: Webfroot Shoutbox v 2.32 and below http://shoutbox.sf.net Date: 09 May 2003 Author: pokleyzz pokleyzzatscan-associates.net Contributors: skatscan-associates.net shaharilatscan-associates.net muniratscan-associates.net URL: http://www.scan-associates.net Summary: Webfroot Shoutbox 2.32 a...
P-News p-news.php Name Field Privilege Escalation
The remote host is running the p-news bulletin board. There is a flaw in the version in use which may allow an attacker who has a 'Member' account to upgrade its privileges to administrator by supplying a malformed username. (C) Tenable Network Security, Inc. Ref: From: "Peter...
shoutbox.txt
Products: Webfroot Shoutbox v 2.32 and below http://shoutbox.sf.net Date: 09 May 2003 Author: pokleyzz Contributors: skatscan-associates.net shaharilatscan-associates.net muniratscan-associates.net URL: http://www.scan-associates.net Summary: Webfroot Shoutbox 2.32 and below directory traversal a...
Ultimate PHP Board admin_iplog.php Arbitrary Code Execution
The remote host is running Ultimate PHP Board UPB. There is a flaw in this version which may allow an attacker to execute arbitrary code on this host, by sending a malformed user-agent which contains PHP commands. Once the user-agent has been sent, it is stored in the logs. When the administrator...
Horde Turba status.php Path Disclosure
There is a flaw in the file 'status.php' of this CGI which may allow an attacker to retrieve the physical path of the remote web root. (C) Tenable Network Security, Inc. Ref: Date: 17 May 2003 13:18:59 -0000 From: Lorenzo Manuel Hernandez Garcia-Hierro To:...
Owl browse.php Authentication Bypass
The remote host is using owl intranet engine, an open source file sharing utility written in PHP. There is a flaw in this application that may allow an attacker to browse files on this host without having to log in. (C) Tenable Network Security, Inc. Ref: Date: Tue, 13 May 2003...
Horde test.php Direct Request Information Disclosure
The remote server is running Horde or a related project along with one or more test scripts. These scripts may leak server-side information that is valuable to an attacker. This script was written by Sverre H. Huseby. See the Nessus Scripts License for details. Changes by Tenabl...
CVE-2001-1296
More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...
CVE-2001-1296
Technical details about CVE-2001-1296 are not publicly available in the provided documents. Monitor for updates.
CVE-2002-0513
The PHP administration script in poppermod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator...
Justice Guestbook 1.3 - Full Path Disclosure
Justice Guestbook 1.3 - Full Path Disclosure source: https://www.securityfocus.com/bid/7234/info A path disclosure vulnerability has been reported for Guestbook. The issue occurs when a request is made to the cfooter.php3 PHP script page. Access to sensitive filesystem information may aid an...
E-theni aff_liste_langue.php rep_include Parameter Remote File Inclusion
It is possible to make the remote host include PHP files hosted on a third-party server using E-Theni. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. (C) Tenable Network Security, Inc. Ref: From:...