B2 0.6 - 'b2edit.showposts.php?b2inc' Remote File Inclusion

source: https://www.securityfocus.com/bid/4673/info B2 is a news/weblog tool written in php. b2 allows webmasters to quickly post news on the frontpage, and let viewers interact with each other. It is available primarily for Unix and Linux. A variable that is referenced in the PHP scripts does no...

CVE-2001-1298

Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...

CVE-2001-1298

Webodex PHP script 1.0 and earlier is vulnerable to an insecure remote file inclusion via an HTTP request that sets the includedir variable. This allows remote attackers to include arbitrary files from remote web sites. The description specifies the affected product and the vulnerable parameter, ...

ADManager 1.1 - Content Manipulation

source: https://www.securityfocus.com/bid/4615/info Admanager is banner advertisement management software. It is written in PHP and will run on most Unix and Linux variants, in addition to Microsoft Windows operating systems. Access to the 'add.php3' script does not require authentication. It is...

xNewsletter 1.0 - Form Field Input Validation

xNewsletter 1.0 - Form Field Input Validation source: https://www.securityfocus.com/bid/4516/info xNewsletter is a script that allows web users to subscribe to a newsletter. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems...

move_uploaded_file breaks safe_mode restrictions in PHP

Hey Its possible to circumvent probadly spelled wrong PHP safemode restrictions by using moveuploadedfile. You take this nasty script and you have domain whatever.com and your directory path is /domains/whatever.com/ ? $file = $HTTPPOSTFILES'file''name'; $type = $HTTPPOSTFILES'file''type'; $size ...

[ARL02-A11] Big Sam (Built-In Guestbook Stand-Alone Module) Multiple Vulnerabilities

+/---------------- ALPER Research Labs ------/--------/+ +/---------------- Security Advisory -----/---------/+ +/---------------- ID: ARL02-A11 ----/----------/+ +/---------------- [email protected] ---/-----------/+ Advisory Information -------------------- Name : Big Sam Built-In Guestbook...

CVE-2001-1049

Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...

CVE-2001-1048

AWOL-related CVE-2001-1048 affects the AWOL PHP application and allows a remote attacker to include arbitrary files from remote web sites by setting the includedir HTTP parameter. The vulnerability enables remote code execution through local file inclusion-like behavior via a crafted request to i...

CVE-2001-1049

CVE-2001-1049 affects Phorecast PHP script prior to version 0.40. The vulnerability enables a remote attacker to include arbitrary files from remote web sites by issuing an HTTP request that sets the includedir variable. This is a remote file inclusion (RFI) type issue, with the attack surface ti...

CVE-2001-1048

AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...

Phorum Discussion Board Security Bug (Email Disclosure)

Concerning latest Phorum version 3.3.2 A bug in the PHP based forum script Phorum makes it possible to obtain the email addresses of the 10 most active users. In the 'admin/' directory of the forum there is a script called 'stats.php' that allows administrators and anyone else, since there is no...

CVE-2001-1050

CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...

CVE-2001-1051

Technical details about CVE-2001-1051 are not publicly provided in the supplied documents. Monitor for updates.

CVE-2001-1052

The provided data documents CVE-2001-1052 as a remote file inclusion flaw in the Empris PHP script. An HTTP request that sets the includedir variable allows an attacker to include arbitrary files from remote web sites, enabling potential partial disclosure or modification of data via the vulnerab...

CVE-2001-1050

CVE-2001-1050 affects CCCSoftware CCC PHP script. The vulnerability arises from an HTTP request that sets the includedir variable, enabling remote attackers to include arbitrary files from remote web sites (remote file inclusion). The available documents do not specify affected versions, exact ro...

CVE-2001-1051

Dark Hart Portal darkportal PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...

[Advisory iSecureLabs] Network Query Tool remote command execution

-- Network Query Tool 1.0 and Network Query Tool 1.0 Adapted for PHPNuke 5.2 remote command execution -- Problem discovered: 22/10/2001 by Cabezon Aurйlien | [email protected] | http://www.isecurelabs.com/article.php?sid=147 -- Description -- Network Query Tool 1.0 Adapted for...

CVE-2001-1051

Dark Hart Portal darkportal PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...

CVE-2001-1048

AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...