CodeGrrl Applications Remote File Inclusion Vulnerabilities

The remote host appears to be running at least one of the PHP applications from CodeGrrl - PHPCalendar, PHPClique, PHPFanBase, or PHPQuotes. Under certain conditions, these applications fail to sanitize input to the 'siteurl' parameter of the 'protection.php' script before using it in a PHP...

Exponent CMS < 0.96.4 Multiple Remote Vulnerabilities (XSS, SQLi, Code Exe, Disc)

The remote host is running Exponent CMS, an open source content management system written in PHP. The version of Exponent CMS installed on the remote host fails to sanitize input to the 'id' parameter of the resource module before using it in database queries. An unauthenticated attacker can...

Alstrasoft Template Seller Pro 3.25 - Remote File Inclusion

source: https://www.securityfocus.com/bid/15441/info Template Seller Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an...

Alstrasoft Template Seller Pro 3.25 - Remote File Inclusion

Alstrasoft Template Seller Pro 3.25 - Remote File Inclusion source: https://www.securityfocus.com/bid/15441/info Template Seller Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit...

OSTE 1.0 - Remote File Inclusion

OSTE 1.0 - Remote File Inclusion source: https://www.securityfocus.com/bid/15340/info OSTE is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PH...

CuteNews Multiple Script Traversal Privilege Escalation

The version of CuteNews installed on the remote host fails to sanitize input to the 'template' parameter of the 'showarchives.php' and 'shownews.php' scripts. An attacker can exploit this issue to read arbitrary files and possibly even execute arbitrary PHP code on the remote host, subject to the...

Calendarix Advanced <= 1.5 Multiple Vulnerabilities - Active Check

Calendarix is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2005 Josh Zlatin-Amishav Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

phpGedView Code injection Vulnerability

The remote host is running phpGedView, a set of CGI scripts which parse GEDCOM 5.5 genealogy files and display them on the internet in a format similar to desktop programs. There are multiple vulnerabilities in this product : - A path disclosure vulnerability, which will give more information abo...

osTicket < 1.2.7 Attachment Code Execution Vulnerability - Active Check

The target is running at least one instance of osTicket that enables a remote user to open a new ticket with an attachment containing arbitrary PHP code and then to run that code using the permissions of the web server user. SPDX-FileCopyrightText: 2005 George A. Theall Some text descriptions mig...

CVE-2005-3420

usercpregister.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signaturebbcodeuid parameter, as demonstrated by injecting an "e" modifier into a pregreplace statement...

CVE-2005-3420

usercpregister.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signaturebbcodeuid parameter, as demonstrated by injecting an "e" modifier into a pregreplace statement...

PHP iCalendar index.php phpicalendar Parameter Remote File Inclusion

The remote host appears to be running PHP iCalendar, a web-based iCal file viewer / parser written in PHP. The version of PHP iCalendar installed on the remote host fails to sanitize the 'phpicalendar' cookie before using it in 'index.php' to include PHP code from a separate file. By leveraging...

CVE-2005-3304

Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via 1 the username parameter in the Your Account page, 2 the url parameter in the Downloads module, and 3 the description parameter in the WebLinks module...

Flyspray Multiple Vulnerabilities

Binary data 3269.prm...

Mantis Bug Tracker 0.19.21.0 - Bug_sponsorship_list_view_inc.php File Inclusion

Mantis Bug Tracker 0.19.21.0 - Bugsponsorshiplistviewinc.php File Inclusion source: https://www.securityfocus.com/bid/15212/info Mantis is prone to a remote and local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacke...

Belchior Foundry VCard 2.9 - Remote File Inclusion

Belchior Foundry VCard 2.9 - Remote File Inclusion source: https://www.securityfocus.com/bid/15207/info vCard is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute...

phpMyAdmin < 2.6.4-pl3 Multiple Vulnerabilities

The version of phpMyAdmin installed on the remote host is affected by a local file inclusion vulnerability that can be exploited by an unauthenticated attacker to read arbitrary files, and possibly even to execute arbitrary PHP code on the affected host subject to the permissions of the web serve...

Mantis Bug Tracker 0.19.2/1.0 - &#039;Bug_sponsorship_list_view_inc.php&#039; File Inclusion

source: https://www.securityfocus.com/bid/15212/info Mantis is prone to a remote and local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote and local PHP code on a...

CVE-2005-3304

Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via 1 the username parameter in the Your Account page, 2 the url parameter in the Downloads module, and 3 the description parameter in the WebLinks module...

CVE-2005-3153

login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a differe...