PHP 4.x/5 - cURL 'open_basedir' Restriction Bypass

source: https://www.securityfocus.com/bid/11557/info It is reported that cURL allows malicious users to bypass 'openbasedir' restrictions in PHP scripts. This issue is due to a failure of the cURL module to properly enforce PHPs 'openbasedir' restriction. Users with the ability to create or modif...

UBB.threads dosearch.php SQL injection

There is a SQL injection issue in the remote version of UBB.threads that may allow an attacker to execute arbitrary SQL statements on the remote host and potentially overwrite arbitrary files there by sending a malformed value to the 'Name' argument of the file 'dosearch.php'. %NASLMINLEVEL 70300...

Gallery: Arbitrary command execution

Background Gallery is a PHP script for maintaining online photo albums. Description The upload handling code in Gallery places uploaded files in a temporary directory. After 30 seconds, these files are deleted if they are not valid images. However, since the file exists for 30 seconds, a carefull...

Bugs fixed in Version 1.4.3

In-Reply-To: [email protected] B. Unspecified File Download Vulnerability B1. An error in the MyDMS software allows to a registered users and only to registered users to download any file, such as /etc/passwd, by inserting in a parameter a text such as...

Plesk Reloaded login_up.php3 login_name Parameter XSS

The remote host is running Plesk Reloaded from SWsoft, a web-based system administration tool. The remote version of this software is vulnerable to a cross-site scripting attack because of its failure to sanitize user input to the 'loginname' parameter of the 'loginup.php3' script. This issue can...

BasiliX login.php3 username Variable Arbitrary Command Execution

The remote host appears to be running a version of BasiliX between 1.0.2beta or 1.0.3beta. In such versions, the script 'login.php3' fails to sanitize user input, which enables a remote attacker to pass in a specially crafted value for the parameter 'username' with arbitrary commands to be execut...

wpquiz.txt

Ok so here is what I found Authors website wireplastik.com currently down php script I found exploit in wpquiz version 2.60b8 also tested on 2.60b 1-7 Exploit: by default wpquiz comes with a folder called extras. This folder is not password protected nor does it require any sort of authentication...

phpBB 2.0.x - 'viewtopic.php' PHP Script Injection

source: https://www.securityfocus.com/bid/10701/info The 'viewtopic.php' phpBB script is prone to a remote PHP script injection vulnerability because the application fails to properly sanitize user-supplied URI parameters before using them to construct dynamically generated web pages. Exploiting...

YaPiG 0.92 - Remote Server-Side Script Execution

source: https://www.securityfocus.com/bid/10891/info A vulnerability is reported to exist in YaPiG that may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack if sanitization of user-supplied data. It is reported that an attacker may be ab...

centreVuln.txt

Summary: www.miller-group.net The Miller Group, Inc. announces the release of Centre, a free student information system for public and non-public schools. Centre is a web-based, open source, student management product with features that include scheduling, grade book, attendance, eligibility,...

artmedic_links5 PHP Script (include path) vuln

There's a possilbity of looking at files with apache priviliges using artmediclinks5 php script. http://www.artmedic-phpscripts.de/artmediclinks.php. Vulnerability include path is in index.php, standard use: hostname/artmediclinks5/index.php?id=file or index.php?id=url I noticed there's a lot of...

DSA-516 postgresql - buffer overflow

Bulletin has no description...

Invision Power Board index.php pop Parameter XSS

There is a bug in the version of Invision Power Board on the remote host that makes it vulnerable to cross-site scripting attacks. An attacker may exploit this issue to steal the credentials of legitimate users of this site. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

phpMyAdmin255pl1.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior Summary : phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW. There is a vulnerability in the current stable version of phpMyAdmin...

Laurent Adda Les Commentaires 2.0 - PHP Script 'fonctions.lib.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include malicious external files containing arbitrary PHP code to be executed on a vulnerable system. All...

Laurent Adda Les Commentaires 2.0 - PHP Script admin.php Remote File Inclusion

Laurent Adda Les Commentaires 2.0 - PHP Script admin.php Remote File Inclusion source: https://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include malicious external...

Laurent Adda Les Commentaires 2.0 - PHP Script 'derniers_commentaires.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include malicious external files containing arbitrary PHP code to be executed on a vulnerable system. All...

Andys PHP Projects Man Page Lookup Script - Information Disclosure

Andys PHP Projects Man Page Lookup Script - Information Disclosure source: https://www.securityfocus.com/bid/9395/info A problem in the handling of user-supplied input by Andy's PHP Projects Man Page Lookup script has been reported. Because of this, it is possible for an attacker to gain...

Invision Power Top Site List SQL Inection

Vendor : Invision Power Services URL : http://www.invisionpower.com Version : Invision Power Top Site List v1.1 / Risk : SQL Injection Vulnerability Description: Invision Power Top Site List is a flexible site ranking script written in PHP, the popular programming choice for web developers...

[UNIX] Land Down Under auth.php SQL Injection

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...