137 matches found
CVE-2023-49006
Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file...
PT-2023-31029 · Unknown +1 · Phpsysinfo +1
Name of the Vulnerable Software and Affected Versions: Phpsysinfo version 3.4.3. Description: A Cross Site Request Forgery (CSRF) issue allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. The functionality is disabled by default in Phpsysinfo 3.4.3, but...
CVE-2023-49006
CVE-2023-49006 affects Phpsysinfo 3.4.3 and is a Cross-Site Request Forgery (CSRF) vulnerability. The claim states that a crafted page in XML.php can cause a remote attacker to obtain sensitive information. The affected component is Phpsysinfo (XML.php as the attack surface); the root cause is CSRF, enab...
XML.php JSONP hijacking
Description: The XML.php file has a JSONP hijacking vulnerability. When a user visits a page carefully crafted by the attacker, the JSON data is obtained and sent to the attacker. Proof of Concept: We created an HTML file as a proof of concept to showcase the vulnerability. This HTML file will...
GHSA-2WXV-3G4V-P76P phpSysInfo allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence
Directory traversal vulnerability in index.php in phpSysInfo prior to 3.2.5 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists...
phpSysInfo allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence
Directory traversal vulnerability in index.php in phpSysInfo prior to 3.2.5 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists...
openSUSE Security Update : apparmor (openSUSE-2016-491)
This update for apparmor updates some profiles. It is specifically required for the Samba security update. profile updates : - sbin.syslog-ng - usr.sbin.identd - usr.sbin.nscd allows nscd paranoia mode - usr.sbin.smbd - usr.sbin.smbldap-useradd - apache2.d/phpsysinfo updated abstractions : - aspe...
PHPSYSINFO 3.1.12 Local File Disclosure
In \apps\phpsysinfo3.1.12/language/language.php 60: echo file_get_contents(APP_ROOT . '/language/' . $lang . '.xml'); is presented where $lang is defined as: 52: $lang = basename($_GET['lang']); Which can be exploited like localhost/phpsysinfo/language/language.php?lang=../../../stufftoinclude which can be...
PHPSysInfo 2.0/2.1 Index.PHP LNG File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7286/info PHPSysInfo has been reported to be vulnerable to a file disclosure issue. Local users may be capable of influencing the include path for PHPSysinfo language include files. If the malicious language file is...
phpSysInfo 2.0/2.3 system_footer.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/12887/info phpSysInfo is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these...
phpSysInfo 2.0/2.3 index.php sensor_program Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/12887/info phpSysInfo is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these...
PHPSysInfo 2.0/2.1 Index.PHP File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7275/info PHPSysInfo has been reported to be vulnerable to a file disclosure issue. Local users may be capable of influencing the include path for several PHPSysinfo template files. If the malicious template file is...
Gentoo Security Advisory GLSA 200311-07 (phpSysInfo)
The remote host is missing updates announced in advisory GLSA 200311-07. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200511-18 (phpsysinfo)
The remote host is missing updates announced in advisory GLSA 200511-18. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200311-07 (phpSysInfo)
The remote host is missing updates announced in advisory GLSA 200311-07. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200511-18 (phpsysinfo)
The remote host is missing updates announced in advisory GLSA 200511-18. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD Ports: phpSysInfo
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD Ports: phpSysInfo
The remote host is missing an update to the system as announced in the referenced advisory. VID 9c1cea79-548a-11da-b53f-0004614cc33d OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...
FreeBSD Ports: phpSysInfo
The remote host is missing an update to the system as announced in the referenced advisory. VID 88260dfe-3d21-11dc-b3d3-0016179b2dd5 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...