SimpNews 2.0.1/2.13 PATH_SIMPNEWS Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8227/info SimpNews is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Remote users, under some PHP configurations, may influence a Simpnews URI variable. This variab...
artmedic weblog 1.0 - Multiple Local File Inclusion Vulnerabilities
No description provided by source. artmedic weblog multiple local file inclusion vulnerabilities download http://artmedic-phpscripts.de/index.php?did=artmedicweblog.zip author muuratsalo contact muuratsaloatgmail.com exploits...
TCW PHP Album Multiple Vulnerabilities
No description provided by source. I'm L0rd CrusAd3r member from Inj3ct0r Team Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: TCW PHP Album Multiple Vulnerability Vendor...
SPGPartenaires 3.0.1 delete.php SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/6455/info Several vulnerabilities have been discovered in SPGPartenaires. The vulnerabilities are due to insufficient sanitization of the 'pass' and 'SPGP' variables used to construct SQL queries in various PHP scripts. B...
Jax PHP Scripts 1.0/1.34/2.14/3.31 logfile.csv User IP Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...
Jax PHP Scripts 1.0/1.34/2.14/3.31 archive.php language Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...
Netref 4.0 - Multiple Remote SQL Injection Vulnerabilities
No description provided by source. SuB-ZeRo Dz-hackers Netref 4.0 Remote SQL Injection Vulnerability +Discovered by : SuB-ZeRo +Vendor URL : www.netref.net +downloader :...
deV!Lz Clanportal [DZCP] <= 1.3.6 - Arbitrary File Upload Vulnerability
No description provided by source. SYNOPSIS - access: remote severity: high - deV!Lz Clanportal allows nearly arbitrary files to be uploaded and stored on the server's filesystem, which enables anyone, even without a user account, to upload PHP code and execute it,...
Jax PHP Scripts 1.0/1.34/2.14/3.31 ips2block Banned IP Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...
Jax PHP Scripts 1.0/1.34/2.14/3.31 sign_in.php language Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...
Jax PHP Scripts 1.0/1.34/2.14/3.31 guestbook File Client IP Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...
Jax PHP Scripts 1.0/1.34/2.14/3.31 ips2block Banned IP List Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...
List of 8,000 FTP Credentials for Sale in Underground Forums
Hackers are targeting FTP upload sites with the hopes of redirecting victims to spam or even infecting webservers that rely on FTP applications for updates. Hold Security reported yesterday it had secured a list of credentials for close to 7,800 FTP sites being circulated in cybercrime forums. Th...
CVE-2013-5013
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via (1) vectors involving PHP scripts and (2) unspecified other vectors...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via (1) vectors involving PHP scripts and (2) unspecified other vectors...
Apache suEXEC - Information Disclosure / Privilege Escalation
Apache suEXEC privilege elevation / information disclosure Discovered by Kingcope/Aug 2013 The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web server. Normally, when a CGI or SSI program executes, it runs as...
Symantec Endpoint Protection Management Console RCE Vulnerability
Symantec Endpoint Protection is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...
Input validation
The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via...
Symantec Endpoint Protection Management Consoles Multiple Issues
SUMMARY The management console in Symantec Endpoint Protection Manager (SEPM) and Symantec Protection Center (SPC) for SEP 12.0 Small Business Edition, contains PHP scripts that do not properly validate external input. This could potentially result in remote code execution. Symantec Network Access...
Mapserver for Windows Local File Include Vulnerability
Mapserver for Windows (MS4W) is prone to a local file include vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holder...