137 matches found

securityvulns
added 2007/07/27 12:0 a.m. · 69 views

PHPSysInfo Index.php Cross Site Scripting

HSC PHPSysInfo Index.php Cross Site Scripting PhpSysInfo is a PHP script that displays information about the host being accessed. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the...

0.6 AI score
Exploits 0

Tenable Nessus
added 2006/10/14 12:0 a.m. · 38 views

Debian DSA-897-1 : phpsysinfo - programming errors

Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-0870 Maksymilian Arciemowicz discovered several cross site scripting problems, of which not all wer...

6.8 CVSS · 5.3 AI score · 0.11707 EPSS
Exploits 1 · References 5

OSV
added 2006/07/06 8:5 p.m. · 4 views

CVE-2006-3360

Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists...

6.6 AI score
Exploits 0 · References 16

OSV
added 2006/07/06 8:5 p.m. · 3 views

DEBIAN-CVE-2006-3360

Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists...

5 CVSS · 6.7 AI score · 0.07865 EPSS
Exploits 1 · References 1

UbuntuCve
added 2006/07/06 8:5 p.m. · 14 views

CVE-2006-3360

Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists...

5 CVSS · 6 AI score · 0.07865 EPSS
Exploits 1 · References 1

Cvelist
added 2006/07/06 12:0 a.m. · 16 views

CVE-2006-3360

Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists...

6.6 AI score · 0.07865 EPSS
Exploits 1 · References 10

CVE
added 2006/07/06 12:0 a.m. · 48 views

CVE-2006-3360

CVE-2006-3360 affects phpSysInfo, where Directory traversal in index.php (lng parameter) can reveal whether arbitrary files exist via a .. sequence plus a trailing null (%00). Affected versions are 2.5.1 through 3.2.4; the issue is exploitable remotely and can disclose file existence information ...

5 CVSS · 6.7 AI score · 0.07865 EPSS
Exploits 1 · References 10 · Affected Software 1

Debian CVE
added 2006/07/06 12:0 a.m. · 15 views

CVE-2006-3360

Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists...

5 CVSS · 6.5 AI score · 0.07865 EPSS
Exploits 1

Positive Technologies
added 2006/07/06 12:0 a.m. · 3 views

PT-2006-4252 · Phpsysinfo · Phpsysinfo

Name of the Vulnerable Software and Affected Versions: phpSysInfo versions 2.5.1 through 3.2.4
Description: The issue allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter. This will display a different...

5 CVSS · 6.6 AI score · 0.07865 EPSS
Exploits 1 · References 19

securityvulns
added 2006/07/05 12:0 a.m. · 46 views

[Full-disclosure] phpSysInfo arbitrary file identification

phpSysInfo is a popular webscript for displaying stats about a webserver available from http://phpsysinfo.sourceforge.net/ with 365012 downloads to date. A vulnerability which allows an attacker to identify if a file exists on the remote system has been identified. By supplying a directory...

0.3 AI score
Exploits 0

Tenable Nessus
added 2006/05/13 12:0 a.m. · 16 views

FreeBSD : phpSysInfo -- 'register_globals' emulation layer overwrite vulnerability (9c1cea79-548a-11da-b53f-0004614cc33d)

A Secunia Advisory reports : Christopher Kunz has reported a vulnerability in phpSysInfo, which can be exploited by malicious people to manipulate certain information. The vulnerability is caused due to an error in the 'register_globals' emulation layer where certain arrays used by the system can ...

6 AI score
Exploits 0 · References 2

Tenable Nessus
added 2006/05/13 12:0 a.m. · 31 views

FreeBSD : phpSysInfo -- XSS vulnerability (50457509-d05e-11d9-9aed-000e0c2e438a)

A Securityreason.com advisory reports that various cross site scripting vulnerabilities have been found in phpSysInfo. Input is not properly sanitised before it is returned to the user. A malicious person could exploit this to execute arbitrary HTML and script code in a users browser session. Als...

5 CVSS · 5.7 AI score · 0.11707 EPSS
Exploits 1 · References 4

Tenable Nessus
added 2005/12/07 12:0 a.m. · 38 views

GLSA-200511-18 : phpSysInfo: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200511-18 phpSysInfo: Multiple vulnerabilities Christopher Kunz from the Hardened-PHP Project discovered that phpSysInfo is vulnerable to local file inclusion, cross-site scripting and a HTTP Response Splitting attacks. Impact : A...

6.8 CVSS · 5.6 AI score · 0.03464 EPSS
Exploits 1 · References 4

Gentoo Linux
added 2005/11/22 12:0 a.m. · 36 views

phpSysInfo: Multiple vulnerabilities

Background: phpSysInfo displays various system stats via PHP scripts.
Description: Christopher Kunz from the Hardened-PHP Project discovered that phpSysInfo is vulnerable to local file inclusion, cross-site scripting and a HTTP Response Splitting attacks.
Impact: A local attacker may exploit the fil...

6.8 CVSS · 6.7 AI score · 0.03464 EPSS
Exploits 1

OSV
added 2005/11/18 2:2 a.m. · 5 views

CVE-2005-3347

Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2)...

6.7 AI score
Exploits 0 · References 18

OSV
added 2005/11/18 2:2 a.m. · 1 views

DEBIAN-CVE-2005-3348

HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter...

4.3 CVSS · 6.9 AI score · 0.01838 EPSS
Exploits 1 · References 1

UbuntuCve
added 2005/11/18 2:2 a.m. · 32 views

CVE-2005-3347

Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2)...

6.8 CVSS · 6.1 AI score · 0.03464 EPSS
Exploits 1 · References 1

NVD
added 2005/11/18 2:2 a.m. · 17 views

CVE-2005-3347

Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2)...

6.8 CVSS · 6.7 AI score · 0.03464 EPSS
Exploits 1 · References 17

UbuntuCve
added 2005/11/18 2:2 a.m. · 32 views

CVE-2005-3348

HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter...

4.3 CVSS · 6 AI score · 0.01838 EPSS
Exploits 1 · References 1

NVD
added 2005/11/18 2:2 a.m. · 12 views

CVE-2005-3348

HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter...

4.3 CVSS · 6.3 AI score · 0.01838 EPSS
Exploits 1 · References 17