1414 matches found
WebCalendar assistant_edit.php Unauthorized Access
The remote version of WebCalendar fails to restrict access to the script 'assistant_edit.php'. An attacker can use this script to change assistants and to display all users in the system even when the 'Public access can view other users' setting has been disabled...
Simple Machines Forum msg Parameter SQL Injection Vulnerability
The remote host is running Simple Machines Forum (SMF), an open source web forum application written in PHP. The installed version of SMF on the remote host fails to properly sanitize input to the 'msg' parameter before using it in SQL queries. By exploiting this flaw, an attacker can affect databa...
Siteframe siteframe.php LOCAL_PATH Parameter Remote File Inclusion
The remote host is running Siteframe, an open source content management system using PHP and MySQL. The installed version of Siteframe does not properly sanitize the 'LOCAL_PATH' parameter of the 'siteframe.php' script before using it to include files. By leveraging this flaw, an attacker is able ...
[EXPL] ZeroBoard Remote Command Execution (Exploit, preg_replace)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
ZeroBoard 4.1 - 'preg_replace' Remote Nobody Shell
/ ---------------------------------------------------------------------------------- + Zeroboard preg_replace vulnerability Remote nobody shell exploit ---------------------------------------------------------------------------------- by n0gada [email protected] date : 2005/5/29 the bug Origina...
Horde Nag common-footer.inc Parent Frame Page Title XSS
According to its version, the remote installation of Nag fails to fully sanitize user-supplied input when setting the parent frame's page title by JavaScript in 'templates/common-footer.inc'. By leveraging this flaw, an attacker may be able to inject arbitrary HTML and script code into a user's...
Netref 4.2 - Cat_for_gen.php Remote PHP Script Injection
Netref 4.2 - Cat_for_gen.php Remote PHP Script Injection source: https://www.securityfocus.com/bid/13275/info A remote PHP script injection vulnerability affects Netref. This issue is due to a failure of the application to sanitize user-supplied data. An attacker may leverage this issue to execute...
Netref 4.2 - 'Cat_for_gen.php' Remote PHP Script Injection
source: https://www.securityfocus.com/bid/13275/info A remote PHP script injection vulnerability affects Netref. This issue is due to a failure of the application to sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary PHP script code in the context of an affected...
Invision Power Board index.php Members Action st Parameter SQL Injection
A version of Invision Power Board installed on the remote host suffers from a SQL injection vulnerability due to its failure to sanitize user input via the 'st' parameter to the 'index.php' script. An attacker can take advantage of this flaw to inject arbitrary SQL statements into Invision Power...
CVE-2005-0478
Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP request with a long User-Agent header or (2) a long argument to an arbitrary PHP script...
MagicScripts E-Store Kit-2 PayPal Edition - Remote File Inclusion
MagicScripts E-Store Kit-2 PayPal Edition - Remote File Inclusion source: https://www.securityfocus.com/bid/12910/info MagicScripts E-Store Kit-2 PayPal Edition is prone to a remote file include vulnerability. Remote attackers could potentially exploit this issue to include a remote malicious PHP...
MagicScripts E-Store Kit-2 PayPal Edition - Remote File Inclusion
source: https://www.securityfocus.com/bid/12910/info MagicScripts E-Store Kit-2 PayPal Edition is prone to a remote file include vulnerability. Remote attackers could potentially exploit this issue to include a remote malicious PHP script. If the attacker is able to execute the remote script it...
phpSysInfo23.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11 Author: Maksymilian Arciemowicz cXIb8O3 Date: 22.3.2005 from SECURITYREASON.COM TEAM - --- 0.Description --- PHPSysInfo 2.3 is a customizable PHP Script that parses /proc, and formats information...
[SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11 Author: Maksymilian Arciemowicz cXIb8O3 Date: 22.3.2005 from SECURITYREASON.COM TEAM - --- 0.Description --- PHPSysInfo 2.3 is a customizable PHP Script that parses /proc, and formats information...
Invision Power Board HTTP POST Request IFRAME Tag XSS
The version of Invision Power Board installed on the remote host does not properly sanitize HTML tags, which enables a remote attacker to inject a malicious IFRAME when posting a message to one of the hosted forums. This could cause arbitrary HTML and script code to be executed in the context of...
TRG News 3.0 Script - Remote File Inclusion
TRG News 3.0 Script - Remote File Inclusion source: https://www.securityfocus.com/bid/12855/info A remote file include vulnerability affects TRG News. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality...
stadtaus16.txt
----------------------------------------------------------------------------- Name: Stadtaus Voting Script Release: 1.6 Homepage: http://www.stadtaus.com/phpscripts/votingscript/ Attack: Remote file inclusion Risk: High Date: 8 March 2005 Author: Nextime...
VoteBox 2.0 - Votebox.php Remote File Inclusion
VoteBox 2.0 - Votebox.php Remote File Inclusion source: https://www.securityfocus.com/bid/12806/info It is reported that VoteBox is affected by a remote PHP file include vulnerability. This issue is due in part to the application failing to properly sanitize user-supplied input to the 'votebox.ph...
CVE-2005-0743
The custom avatar uploading feature uploader.php for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered...
UBB.threads editpost.php Number Parameter SQL Injection
According to its banner, the remote host is running a version of UBB.threads that fails to sufficiently sanitize the 'Number' parameter before using it in SQL queries in the 'editpost.php' script. As a result, a remote attacker can pass malicious input to database queries, potentially resulting i...