CVE-2001-1296

More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...

CVE-2001-1052

Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...

Локальный DoS против PHP (infinite loop)

PHP-cкрипт запрашивающий сам себя по http приводит к DoS против системы из-за открытия максимального числа соединений...

Quote generator 0.01 by Eric Persson

Hi all, Quote generator 0.01 php script by eric personn is vulnerable to the ../.. bug try this : www.yourhost.com/quote.html?filename=../../../../../../../../../../../../../ ../../../etc/issue&pathtofontfile=ariali.ttf It gives you the content of /etc/issue file regards, --- Cabezon Aurйlien...

Дырка в PHP-Nuke (xml parsing)

При разборе XML не проверяется таг TITLE, что позволяет вставить в него PHP-скрипт...

Basilix Webmail System *.class *.inc Permission Vulnerability

--------------------------------------------------- tamersahin.net Security Solutions Announcement --------------------------------------------------- Basilix Webmail System .class .inc Permission Vulnerability Release Date: January 12, 2001 Version Affected: Basilix Webmail System 0.9.7beta...

Apache 1.3 + PHP 3 - File Disclosure

Apache 1.3 + PHP 3 - File Disclosure source: https://www.securityfocus.com/bid/2060/info Apache Web Server is subject to disclose files to unauthorized users when used in conjunction with the PHP3 script language. By requesting a specially crafted URL by way of php, it is possible for a remote us...

Дырка в TWIG webmail

Используя ошибку в проверке агрументов можно загрузить и выполнить собственный php3-скрипт...

Security problems with Phorum php message board

Author: Brian Moon Homepage: www.phorum.org Version: 3.2.6 Problem: Any user can parse a choosed php script file using the Phorum sustem. It is also possibel, under certain circunstances, to execute arbitrary commands on the server as the httpd user. Status: Fixed in version 3.2.7 released...

vpopmail vchkpw USER/PASS Command Format String

The remote vpopmail server is vulnerable to an input validation bug that could allow any user to crash the server by providing a specially crafted username. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10463; scriptversion "1.23"; scriptcveid"CVE-2000-0583";...