BasiliX Arbitrary Command Execution Vulnerability
The remote web server contains a BasiliX PHP script that is prone to arbitrary. SPDX-FileCopyrightText: 2004 George A. Theall Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
artmedic_links5 File Inclusion Vulnerability
Artmedic Links, a links generating PHP script, has been found to contain an external file inclusion vulnerability. SPDX-FileCopyrightText: 2004 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...
CuteNews XSS
The remote web server contains a PHP script that is prone to cross-site scripting attacks. Description : According to its banner, the version of CuteNews on the remote host fails to sanitize input to the 'archive' parameter of the 'showarchives.php' script. An attacker, exploiting this flaw, wou...
TeeKai Tracking Online XSS
The remote host runs Teekai Tracking Online, a PHP script used for tracking the number of users on a Web site. This version is vulnerable to cross-site scripting attacks. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity. OpenVAS...
BasiliX Arbitrary Command Execution Vulnerability
The remote web server contains a PHP script that is prone to arbitrary command execution. Description : The remote host appears to be running a version of BasiliX between 1.0.2beta or 1.0.3beta. In such versions, the script 'login.php3' fails to sanitize user input, which enables a remote attacke...
Basit cms Cross Site Scripting Bugs
The remote web server contains a PHP script which is vulnerable to a cross site scripting and SQL injection issue. Description : Basit cms 1.0 has a cross site scripting bug. An attacker may use it to perform a cross site scripting attack on this host. In addition to this, it is vulnerable to a S...
osTicket Backdoored
There is a vulnerability in the current version of osTicket that allows an attacker to upload a PHP script, and then access it causing it to execute. This attack is being actively exploited by attackers to take over servers. This script tries to detect infected servers. OpenVAS Vulnerability Tes...
BasiliX Arbitrary File Disclosure Vulnerability
The remote web server contains a PHP script that is prone to information disclosure. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions allow retrieval of arbitrary files that are accessible to the web server user when sending a message since they...
PunBB profile.php XSS
The remote web server contains a PHP script that is prone to multiple cross-site scripting attacks. Description : According to its banner, the version of PunBB installed on the remote host fails to properly sanitize user input to the script 'profile.php'. With a specially-crafted URL, an attacker...
TeeKai Tracking Online XSS
The remote host runs Teekai Tracking Online, a PHP script used for tracking the number of user SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...
Remote Code Execution in ezContents
ezContents has been found to contain a vulnerability that would allow a remote attacker to cause the PHP script to include an external PHP file and execute its content. SPDX-FileCopyrightText: 2004 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and are Copyright...
Artmedic Kleinanzeigen File Inclusion Vulnerability
Artmedic Kleinanzeigen, an email verifying PHP script, has been found to contain an external file inclusion vulnerability. SPDX-FileCopyrightText: 2004 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...
Mandrake Linux Security Advisory : apache2 (MDKSA-2005:161)
A flaw was discovered in mod_ssl's handling of the 'SSLVerifyClient' directive. This flaw occurs if a virtual host is configured using 'SSLVerifyClient optional' and a directive 'SSLVerifyClient required' is set for a specific location. For servers configured in this fashion, an attacker may be ab...
Digital Scribe login.php SQL Injection
The remote web server hosts Digital Scribe, a student-teacher set of scripts written in PHP. The version of Digital Scribe installed on the remote host is prone to a SQL injection attack through the 'login.php' script. A malicious user may be able to exploit this issue to manipulate database...
ATutor Password Reminder SQL Injection
The remote host is running ATutor, an open source, web-based, Learning Content Management System (LCMS) designed with accessibility and adaptability in mind. The remote version of this software contains an input validation flaw in the 'passwordreminder.php' script. This vulnerability occurs only wh...
vBulletin <= 3.0.9 Multiple Vulnerabilities
The version of vBulletin installed on the remote host fails to properly sanitize user-supplied input to a number of parameters and scripts before using it in database queries and to generate dynamic HTML. An attacker can exploit these issues to launch SQL injection and cross-site scripting attack...
punBB < 1.2.7 Multiple SQL Injection Vulnerabilities
CVE-2005-2817
Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server...
GLSA-200508-20 : phpGroupWare: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200508-20 phpGroupWare: Multiple vulnerabilities phpGroupWare improperly validates the 'mid' parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disable...
phpWebSite: Arbitrary command execution through XML-RPC and SQL injection
Background: phpWebSite is a web site content management system. Description: phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, "matrixkiller" reported that phpWebSite is vulnerable to an SQL injection attack. Impact: A...