1410 matches found
CuteNews Debug Info Disclosure
There is a bug in the remote version of CuteNews that allows an attacker to obtain information from a call to the phpinfo() PHP function, such as the username of the user who installed PHP, whether they are a sudo user, the IP address of the host, the web server version, the system version Unix/Linux,...
Les Visiteurs v2.0.1 code injection vulnerability
Les Visiteurs is a great statistics script written in PHP. It gives you some graphical information on visitors of your website. This script was distributed by phpinfo.net but has not been maintained for a year. In this version several unprotected includes can be found in files: -...
PayPal Store Front 3.0 - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/8791/info PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an attacker-specified location. This could be exploited to include a remo...
e107 Website System 0.554 - HTML Injection
source: https://www.securityfocus.com/bid/8279/info The e107 content management system is prone to an HTML injection vulnerability. This issue is exposed through the class2.php script. An attacker may exploit this issue by including hostile HTML and script code in certain fields within the form...
WebCalendar long.php user_inc Parameter Traversal Arbitrary File Access
The remote installation of WebCalendar may allow an attacker to read arbitrary files on the remote host by supplying a filename to the 'user_inc' argument of the file 'long.php'. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if...
MoreGroupWare 0.6.8 - WEBMAIL2_INC_DIR Remote File Inclusion
source: https://www.securityfocus.com/bid/8249/info moregroupware is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Remote users, under some PHP configurations, may influence a...
diginews.txt
Digi-news and Digi-ads version 1.1 admin access without password .oO Overview Oo. Digi-news and Digi-ads version 1.1 admin access without password Discovered on 2003, March, 30th Vendor: Digi-FX Digi-news 1.1 is a PHP news editor. It allows you to easily add, edit, and delete news. Digi-ad 1.1 is...
[Full-Disclosure] BlackBook - Multiple Vulnerabilities
EXPL-A-2003-015 exploitlabs.com Advisory 015 -= BlackBook =- Donnie Werner July 11, 2003 Vulnerabilities: 1. XSS executes JS in PHP remotely 2...
pMachine 1.0/2.x - Multiple Script 'sfx' Full Path Disclosures
source: https://www.securityfocus.com/bid/7980/info It has been reported that pMachine is prone to a remote path disclosure vulnerability when accessing various scripts. When a request is made for a target PHP script, possibly requiring a blank URI parameter, pMachine is said to throw an...
Webfroot Shoutbox 2.32 directory traversal and code injection.
Products: Webfroot Shoutbox v 2.32 and below http://shoutbox.sf.net Date: 09 May 2003 Author: pokleyzz pokleyzz_at_scan-associates.net Contributors: sk_at_scan-associates.net shaharil_at_scan-associates.net munir_at_scan-associates.net URL: http://www.scan-associates.net Summary: Webfroot Shoutbox 2.32 a...
P-News p-news.php Name Field Privilege Escalation
The remote host is running the p-news bulletin board. There is a flaw in the version in use which may allow an attacker who has a 'Member' account to upgrade its privileges to administrator by supplying a malformed username. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. Ref: From: "Peter...
shoutbox.txt
Products: Webfroot Shoutbox v 2.32 and below http://shoutbox.sf.net Date: 09 May 2003 Author: pokleyzz Contributors: sk_at_scan-associates.net shaharil_at_scan-associates.net munir_at_scan-associates.net URL: http://www.scan-associates.net Summary: Webfroot Shoutbox 2.32 and below directory traversal a...
Ultimate PHP Board admin_iplog.php Arbitrary Code Execution
The remote host is running Ultimate PHP Board (UPB). There is a flaw in this version which may allow an attacker to execute arbitrary code on this host, by sending a malformed user-agent which contains PHP commands. Once the user-agent has been sent, it is stored in the logs. When the administrator...
Horde Turba status.php Path Disclosure
There is a flaw in the file 'status.php' of this CGI which may allow an attacker to retrieve the physical path of the remote web root. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. Ref: Date: 17 May 2003 13:18:59 -0000 From: Lorenzo Manuel Hernandez Garcia-Hierro To:...
Owl browse.php Authentication Bypass
The remote host is using Owl Intranet Engine, an open source file sharing utility written in PHP. There is a flaw in this application that may allow an attacker to browse files on this host without having to log in. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. Ref: Date: Tue, 13 May 2003...
Horde test.php Direct Request Information Disclosure
The remote server is running Horde or a related project along with one or more test scripts. These scripts may leak server-side information that is valuable to an attacker. #%NASL_MIN_LEVEL 70300 This script was written by Sverre H. Huseby See the Nessus Scripts License for details Changes by Tenabl...
CVE-2001-1296
More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...
CVE-2001-1296
Technical details about CVE-2001-1296 are not publicly available in the provided documents. Monitor for updates.
CVE-2002-0513
The PHP administration script in poppermod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator...