764 matches found
[Full-disclosure] OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities
Security Advisory - OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities. Product: OpenBiblio. Version: Version 0.5.2 Prerelease 4 and prior is affected. Url: http://obiblio.sourceforge.net/ Affected by: Full path disclosure, local file...
Information disclosure
GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function...
gf3xplorer-multi.txt
Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Local File...
GF-3XPLORER 2.4 (XSS/LFI/Etc.) Multiple Remote Vulnerabilities
No description provided by source.
GF-3XPLORER 2.4 (XSS/LFI/Etc.) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. GF-3XPLORER 2.4 XSS/LFI/Etc. Multiple Remote Vulnerabilities...
gf-3xplorer 2.4 - Cross-Site Scripting / Local File Inclusion
Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Local File...
gf-3xplorer 2.4 - Cross-Site Scripting Local File Inclusion
gf-3xplorer 2.4 - Cross-Site Scripting Local File Inclusion. Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...
CVE-2007-6221
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Information disclosure
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-6221
The vulnerability CVE-2007-6221 affects TuMusika Evolution 1.7R5. A direct request to phpinfo.php calls phpinfo, enabling remote attackers to disclose configuration information. No remediation details are provided in the connected documents. The exact root cause is exposure of PHP configuration d...
Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-320-1)
The phpinfo PHP function did not properly sanitize long strings. A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo. Please note that it is not recommended to publicly expose phpinfo. CVE-2006-0996 An...
CVE-2002-2349
phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information...
CVE-2003-1403
The CVE-2003-1403 entry concerns DotBr 0.1: a vulnerability in foo.php3 that allows remote attackers to obtain sensitive information by making a direct request that triggers the phpinfo function. This exposes partial confidentiality and partial integrity/availability according to the NVD CVSS vec...
CVE-2003-1403
foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function...
CVE-2002-2289
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords...
CVE-2002-2289
The CVE concerns BadBlue 1.7.1 where soinfo.php calls the PHP phpinfo function, exposing sensitive information and potentially ODBC passwords. The root cause is the phpinfo output being exposed remotely, enabling information disclosure. Publicly documented details are limited to this information;...
Buffer overflow
Buffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in Callisto PhotoParade Player allows remote attackers to execute arbitrary code via the FileVersionof property...
CVE-2007-1688
The CVE-2007-1688 entry concerns a buffer overflow in the PhPInfo ActiveX control (PhPCtrl.dll) used by Callisto PhotoParade Player. The vulnerability affects the PhPInfo ActiveX control and its FileVersionOf property, enabling remote code execution when a user opens a specially crafted page, per...
PhotoParade Player PhPInfo ActiveX (PhPCtrl.dll) FileVersionof Property Overflow
The remote host contains the PhPInfo ActiveX control, included with the PhotoParade Player software for creating slideshows of digital pictures. The version of this control installed on the remote host reportedly contains an unspecified overflow in its 'FileVersionOf' property that could lead to...
CVE-2007-1688
Buffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in Callisto PhotoParade Player allows remote attackers to execute arbitrary code via the FileVersionof property...