1161 matches found
JGS-Portal < 3.03 Multiple Scripts SQL Injection
CVE-2005-1446
SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to upload and execute arbitrary files such as PHP scripts via an attachment to a trouble ticket...
CVE-2005-0743
The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered...
CVE-2005-0200
TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386...
Yappa-ng 1.x/2.x - Remote File Inclusion
source: https://www.securityfocus.com/bid/13371/info yappa-ng is prone to a remote file include vulnerability. This issue may let remote attackers include and execute malicious remote PHP scripts. The vendor has not published any specific details about this vulnerability other than stating that i...
Coppermine Gallery SQL Injection
[NT] Magic Winmail Server's Multiple Vulnerabilities
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com...
CVE-2005-0724
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) license.php, (8) category.php, (9) download.php, (10) file.php, (11) email.php, or (12)...
Invision Power Board Software Detection
The remote host is running Invision Power Board, a suite of PHP scripts for operating a web-based bulletin board system. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(17203); script_version("1.19"); script_set_attribute(attribute:"plugin_modification_date",...
CVE-2004-1601
Directory traversal vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to access arbitrary files and execute local PHP scripts via a .. (dot dot) in the op parameter...
CVE-2004-1601
The CVE-2004-1601 entry concerns CoolPHP 1.0-stable. Affected component: index.php; vulnerability: directory traversal via the op parameter using .. to access arbitrary files and execute local PHP scripts. Root cause: improper input validation leading to path traversal. Exploitation details are n...
CVE-2004-1508
init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter...
CVE-2004-1508
CVE-2004-1508: The WebCalendar project is affected through init.php, where remote attackers can cause the application to execute arbitrary local PHP scripts via the user_inc parameter. This corresponds to a network-accessible vulnerability with a CVSS v2 base score of 7.5 (high). OpenVAS entries...
CVE-2005-0200
CVE-2005-0200 affects TikiWiki prior to 1.8.5, where uploaded files in the temp directory could bypass validation and allow a remote attacker to upload and execute arbitrary PHP scripts (a separate issue from CVE-2004-1386). Open-source/advisory references (GLSA GLSA-200501-41, GLSA-200501-12) in...
ITA Forum 1.49 - SQL Injection
#!/usr/bin/perl use LWP::UserAgent; ITA Forum 1.49 sql injection exploit with one char bruteforce by 1dt.w0lf // r57 example: r57ita.pl http://127.0.0.1/ITA/ admin 0 ! Exploiting adduser.php...
ZeroBoard < 4.1pl5 Multiple Remote Vulnerabilities
The remote host runs ZeroBoard, a web BBS application popular in Korea. The remote version of this software is vulnerable to cross-site scripting and remote script injection due to a lack of sanitization of user-supplied data. Successful exploitation of this issue may allow an attacker to execute...
MediaWiki 1.3.x - Arbitrary Script Upload
MediaWiki 1.3.x - Arbitrary Script Upload source: https://www.securityfocus.com/bid/11985/info MediaWiki is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied...
blogtorrent.txt
Intro ----- Blogtorrent is a collection of PHP scripts which are designed to make it simple to host files for transfer via bittorrent. Whilst it is not normal to report security problems in "preview" releases of software this software was covered prominently upon Slashdot and could be widely used...