137 matches found
Debian DSA-724-1 : phpsysinfo - design flaw
Maksymilian Arciemowicz discovered several cross site scripting issues in phpsysinfo, a PHP based host information application. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-724. The tex...
[SECURITY] [DSA 724-1] New phpsysinfo packages fix cross site scripting
-------------------------------------------------------------------------- Debian Security Advisory DSA 724-1 [email protected] http://www.debian.org/security/ Martin Schulze May 18th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 724-1] New phpsysinfo packages fix cross site scripting
-------------------------------------------------------------------------- Debian Security Advisory DSA 724-1 [email protected] http://www.debian.org/security/ Martin Schulze May 18th, 2005 http://www.debian.org/security/faq -...
DSA-724-1 phpsysinfo - design flaw
Bulletin has no description...
CVE-2005-0870
Multiple cross-site scripting XSS vulnerabilities in phpSysInfo 2.3, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 sensorprogram parameter to index.php, 2 textlanguage, 3 texttemplate, or 4 hidepicklist parameter to systemfooter.php...
CVE-2005-0869
phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to 1 class.OpenBSD.inc.php, 2 class.NetBSD.inc.php, 3 class.FreeBSD.inc.php, 4 class.Darwin.inc.php, 5 XPath.class.php, 6 systemheader.php, or 7 systemfooter.php, which reveal the path in a PHP error messa...
CVE-2005-0869
phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to 1 class.OpenBSD.inc.php, 2 class.NetBSD.inc.php, 3 class.FreeBSD.inc.php, 4 class.Darwin.inc.php, 5 XPath.class.php, 6 systemheader.php, or 7 systemfooter.php, which reveal the path in a PHP error messa...
CVE-2005-0870
Multiple cross-site scripting XSS vulnerabilities in phpSysInfo 2.3, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 sensorprogram parameter to index.php, 2 textlanguage, 3 texttemplate, or 4 hidepicklist parameter to systemfooter.php...
CVE-2005-0870
Multiple cross-site scripting XSS vulnerabilities in phpSysInfo 2.3, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 sensorprogram parameter to index.php, 2 textlanguage, 3 texttemplate, or 4 hidepicklist parameter to systemfooter.php...
DEBIAN-CVE-2005-0869
phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to 1 class.OpenBSD.inc.php, 2 class.NetBSD.inc.php, 3 class.FreeBSD.inc.php, 4 class.Darwin.inc.php, 5 XPath.class.php, 6 systemheader.php, or 7 systemfooter.php, which reveal the path in a PHP error messa...
DEBIAN-CVE-2005-0870
Multiple cross-site scripting XSS vulnerabilities in phpSysInfo 2.3, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 sensorprogram parameter to index.php, 2 textlanguage, 3 texttemplate, or 4 hidepicklist parameter to systemfooter.php...
CVE-2005-0869
phpSysInfo 2.3 is affected by CVE-2005-0869. The issue enables remote attackers to obtain sensitive information by requesting specific PHP files (class.OpenBSD.inc.php, class.NetBSD.inc.php, class.FreeBSD.inc.php, class.Darwin.inc.php, XPath.class.php, system_header.php, system_footer.php), which...
CVE-2005-0869
phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to 1 class.OpenBSD.inc.php, 2 class.NetBSD.inc.php, 3 class.FreeBSD.inc.php, 4 class.Darwin.inc.php, 5 XPath.class.php, 6 systemheader.php, or 7 systemfooter.php, which reveal the path in a PHP error messa...
CVE-2005-0869
phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to 1 class.OpenBSD.inc.php, 2 class.NetBSD.inc.php, 3 class.FreeBSD.inc.php, 4 class.Darwin.inc.php, 5 XPath.class.php, 6 systemheader.php, or 7 systemfooter.php, which reveal the path in a PHP error messa...
CVE-2005-0870
CVE-2005-0870 is a set of cross-site scripting flaws in phpsysinfo (phpSysInfo 2.3) when register_globals is enabled, allowing remote script/HTML injection via index.php (sensor_program) and system_footer.php (text[language], text[template], hide_picklist). Connected OpenVAS entries consolidate t...
CVE-2005-0870
Multiple cross-site scripting XSS vulnerabilities in phpSysInfo 2.3, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 sensorprogram parameter to index.php, 2 textlanguage, 3 texttemplate, or 4 hidepicklist parameter to systemfooter.php...
CVE-2005-0870
Multiple cross-site scripting XSS vulnerabilities in phpSysInfo 2.3, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 sensorprogram parameter to index.php, 2 textlanguage, 3 texttemplate, or 4 hidepicklist parameter to systemfooter.php...
PHPSysInfo < 2.5 Multiple Script XSS
The remote host is running phpSysInfo, a PHP script that parses the /proc entries on Linux systems and displays them in HTML. The version of phpSysInfo installed on the remote host is affected by multiple cross-site scripting vulnerabilities due to its failure to sanitize user input to the...
[SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpSysInfo 2.3 Multiple vulnerabilities cXIb8O3.11 Author: Maksymilian Arciemowicz cXIb8O3 Date: 22.3.2005 from SECURITYREASON.COM TEAM - --- 0.Description --- PHPSysInfo 2.3 is a customizable PHP Script that parses /proc, and formats information...
PHPSysInfo 2.02.3 - system_footer.php Cross-Site Scripting
PHPSysInfo 2.02.3 - systemfooter.php Cross-Site Scripting source: https://www.securityfocus.com/bid/12887/info phpSysInfo is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...