Lucene search
K

1132 matches found

Tenable Nessus
Tenable Nessus
added 2005/03/11 12:0 a.m.40 views

PhotoPost PHP < 5.0.1 Multiple Remote Vulnerabilities

According to its banner, the version of PhotoPost PHP installed on the remote host has several vulnerabilities: - An Access Validation Vulnerability. The 'adm-photo.php' script fails to verify authentication credentials, which allows an attacker to change the properties of thumbnails of uploaded...

7.5CVSS6AI score0.02404EPSS
Exploits2References8
securityvulns
securityvulns
added 2005/03/03 12:0 a.m.32 views

PHP, ASP, CGI web applications security vulnerabilities

PHP inclusions, SQL injections, directory traversals, crossite scripting, etc...

2.2AI score
Exploits0References30Affected Software20
Cvelist
Cvelist
added 2005/02/27 5:0 a.m.37 views

CVE-2005-0567

Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the 1 theme parameter to phpmyadmin.css.php or 2 cfgServerextension parameter to databaseinterface.lib.php to reference a URL on a remote web server that contai...

7.4AI score0.02726EPSS
Exploits0References6
securityvulns
securityvulns
added 2005/02/27 12:0 a.m.36 views

PHP, ASP, CGI web applications security vulnerabilities

PHP inclusions, SQL injections, directory traversals, crossite scripting, etc...

2.2AI score
Exploits0References29Affected Software19
securityvulns
securityvulns
added 2005/02/22 12:0 a.m.28 views

[SA14321] Ulog-php SQL Injection Vulnerabilities

TITLE: Ulog-php SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA14321 VERIFY ADVISORY: http://secunia.com/advisories/14321/ CRITICAL: Less critical IMPACT: Manipulation of data WHERE: From local network SOFTWARE: Ulog-php 0.x http://secunia.com/product/4684/ DESCRIPTION: Some vulnerabilities...

0.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/02/16 12:0 a.m.50 views

DCP-Portal Multiple Scripts SQL Injection

The remote host is running DCP-Portal, a content management system powered by PHP. The version of DCP-Portal installed on the remote host fails to sanitize user-supplied input to many of its parameters before using it, either in database queries or dynamic web page generation. An attacker may be...

7.5CVSS5.9AI score0.03167EPSS
Exploits2References5
Cvelist
Cvelist
added 2005/02/13 5:0 a.m.21 views

CVE-2005-0380

Multiple PHP remote file inclusion vulnerabilities in 1 printcategory.php, 2 login.php, 3 setup.php, 4 askpassword.php, or 5 error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that...

7.7AI score0.04427EPSS
Exploits1References12
Cvelist
Cvelist
added 2005/02/12 5:0 a.m.28 views

CVE-2004-1421

Multiple PHP remote file inclusion vulnerabilities 1 stepone.php, 2 steponetables.php, 3 steptwotables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the serverinc parameter to reference a URL on a remote web server that contains the cod...

7.6AI score0.0423EPSS
Exploits3References9
Tenable Nessus
Tenable Nessus
added 2005/02/10 12:0 a.m.96 views

Debian DSA-669-1 : php3 - several vulnerabilities

Two vulnerabilities have been discovered in php4 which also apply to the version of php3 in the stable Debian distribution. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2004-0594 The memorylimit functionality allows remote attackers to execute arbitra...

6.8CVSS5.7AI score0.54856EPSS
Exploits4References3
FreeBSD
FreeBSD
added 2005/01/29 12:0 a.m.30 views

squirrelmail -- XSS and remote code injection vulnerabilities

A SquirrelMail Security Advisory reports: SquirrelMail 1.4.4 has been released to resolve a number of security issues disclosed below. It is strongly recommended that all running SquirrelMail prior to 1.4.4 upgrade to the latest release. Remote File Inclusion Manoel Zaninetti reported an issue in...

6.8CVSS5.8AI score0.02818EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2005/01/10 5:0 a.m.29 views

CVE-2004-1018

Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via 1 a negative offset value to the shmopwrite function, 2 an "integer overflow/underflow" in the pack function, or 3 an "integer...

10CVSS6.3AI score0.1616EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2005/01/10 5:0 a.m.57 views

CVE-2004-1019

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow"...

10CVSS7AI score0.07996EPSS
Exploits0References2
NVD
NVD
added 2005/01/10 5:0 a.m.24 views

CVE-2004-1018

Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via 1 a negative offset value to the shmopwrite function, 2 an "integer overflow/underflow" in the pack function, or 3 an "integer...

10CVSS7.6AI score0.1616EPSS
Exploits0References15
securityvulns
securityvulns
added 2005/01/09 12:0 a.m.32 views

CGI/PHP/ASP bugs

No description provided...

0.9AI score
Exploits0References17Affected Software12
Packet Storm
Packet Storm
added 2005/01/02 12:0 a.m.34 views

sugarCRM.txt

---------------------------------------------------------------------------- Cross Site Scripting Vulnerabilities and Possible Code Execution in SugarCRM ---------------------------------------------------------------------------- Author: Jose Antonio Coret Joxean Koret Date: 2004 Location: Basqu...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2005/01/02 12:0 a.m.25 views

PhpIncludeWorm.txt

!/usr/bin/perl use LWP::Simple; use IO::Socket::INET; while1 $numr = int rand9999; $caxe = "."; $caxe1 = "."; $caxe .= rand9999; $caxe1 .= rand9999; $arq = "."; $arq = int rand9999; opensites,"$arq"; print sites ""; closesites; $procura = 'inurl:.php?=' . $numr; for$n=0;$nnewPeerAddr =...

7.4AI score
Exploits0
NVD
NVD
added 2004/12/31 5:0 a.m.15 views

CVE-2004-1423

Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office VLO and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpcrootpath parameter to 1 includes/calendar.ph...

7.5CVSS7.6AI score0.15469EPSS
Exploits3References12
NVD
NVD
added 2004/12/31 5:0 a.m.15 views

CVE-2004-1421

Multiple PHP remote file inclusion vulnerabilities 1 stepone.php, 2 steponetables.php, 3 steptwotables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the serverinc parameter to reference a URL on a remote web server that contains the cod...

7.5CVSS7.7AI score0.0423EPSS
Exploits3References9
securityvulns
securityvulns
added 2004/12/23 12:0 a.m.24 views

Multiple PHP bugs

Integer overflow leading to memory content leak, safe mode protection bypass, openlog buffer overflow, etc...

3.5AI score
Exploits0References6Affected Software1
Gentoo Linux
Gentoo Linux
added 2004/12/19 12:0 a.m.77 views

PHP: Multiple vulnerabilities

Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version of PHP, or can run stand-alone in a CLI. Description Stefan Esser and Marcus Boerger reported several different issues in...

10CVSS7.6AI score0.10042EPSS
Exploits1
Rows per page
Query Builder