[ARL02-A11] Big Sam (Built-In Guestbook Stand-Alone Module) Multiple Vulnerabilities

+/---------------- ALPER Research Labs ------/--------/+ +/---------------- Security Advisory -----/---------/+ +/---------------- ID: ARL02-A11 ----/----------/+ +/---------------- [email protected] ---/-----------/+ Advisory Information -------------------- Name : Big Sam Built-In Guestbook...

CVE-2001-1048

AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...

CVE-2001-1048

AWOL-related CVE-2001-1048 affects the AWOL PHP application and allows a remote attacker to include arbitrary files from remote web sites by setting the includedir HTTP parameter. The vulnerability enables remote code execution through local file inclusion-like behavior via a crafted request to i...

CVE-2001-1049

CVE-2001-1049 affects Phorecast PHP script prior to version 0.40. The vulnerability enables a remote attacker to include arbitrary files from remote web sites by issuing an HTTP request that sets the includedir variable. This is a remote file inclusion (RFI) type issue, with the attack surface ti...

CVE-2001-1049

Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...

Phorum Discussion Board Security Bug (Email Disclosure)

Concerning latest Phorum version 3.3.2 A bug in the PHP based forum script Phorum makes it possible to obtain the email addresses of the 10 most active users. In the 'admin/' directory of the forum there is a script called 'stats.php' that allows administrators and anyone else, since there is no...

CVE-2001-1051

Dark Hart Portal darkportal PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...

CVE-2001-1050

CVE-2001-1050 affects CCCSoftware CCC PHP script. The vulnerability arises from an HTTP request that sets the includedir variable, enabling remote attackers to include arbitrary files from remote web sites (remote file inclusion). The available documents do not specify affected versions, exact ro...

CVE-2001-1050

CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...

CVE-2001-1051

Technical details about CVE-2001-1051 are not publicly provided in the supplied documents. Monitor for updates.

CVE-2001-1052

The provided data documents CVE-2001-1052 as a remote file inclusion flaw in the Empris PHP script. An HTTP request that sets the includedir variable allows an attacker to include arbitrary files from remote web sites, enabling potential partial disclosure or modification of data via the vulnerab...

[Advisory iSecureLabs] Network Query Tool remote command execution

-- Network Query Tool 1.0 and Network Query Tool 1.0 Adapted for PHPNuke 5.2 remote command execution -- Problem discovered: 22/10/2001 by Cabezon Aurйlien | [email protected] | http://www.isecurelabs.com/article.php?sid=147 -- Description -- Network Query Tool 1.0 Adapted for...

CVE-2001-1048

AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...

CVE-2001-1234

Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable...

CVE-2001-1051

Dark Hart Portal darkportal PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...

CVE-2001-1237

Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable...

CVE-2001-1298

Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...

CVE-2001-1235

pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable...

CVE-2001-1052

Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...

CVE-2001-1296

More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...