78 matches found
CVE-2008-1506
PEEL, possibly 3.x and earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function...
CVE-2008-0149
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function...
CVE-2008-0149
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function...
CVE-2008-0149
Affected software: TUTOS 1.3. The CVE-2008-0149 entry describes a remote information disclosure vulnerability where an attacker can read system information by directly requesting php/admin/phpinfo.php, which invokes phpinfo(). The issue is categorized as a PHP information-disclosure via HTTP. Con...
CVE-2007-6606
CVE-2007-6606 affects OpenBiblio 0.5.2-pre4 and earlier: remote attackers can disclose configuration information via a direct request to phpinfo.php, which uses phpinfo(). The entry notes a MEDIUM severity (CVSSv2 base score 5.0) with network attack vector and no authentication. The provided docu...
CVE-2007-6221
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Unfixed XSS vulnerability at www.uday.com.np
Security researcher Uber0n, has submitted on 11/12/2007 a cross-site-scripting XSS vulnerability affecting www.uday.com.np, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/12/2007. It is currently...
Unfixed XSS vulnerability at www.bf2-squads.com
Security researcher SeeD, has submitted on 11/12/2007 a cross-site-scripting XSS vulnerability affecting www.bf2-squads.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/12/2007. It is currently...
CVE-2002-2349
CVE-2002-2349 affects phpBBmod 1.3.3 where a call to phpinfo() can be triggered remotely to reveal sensitive environment information. The provided documents reiterate that phpinfo output exposes configuration and server variables, indicating a partial confidentiality impact. No explicit remediati...
CVE-2002-2247
The CVE-2002-2247 entry concerns Mambo Site Server 4.0.11 where the administrator/phpinfo.php script calls phpinfo(), enabling remote attackers to reveal sensitive information such as the full web root path. This is an information-disclosure flaw attributed to phpinfo() usage in that script. The ...
Unfixed XSS vulnerability at www.warnexus.net
Security researcher zuppergazi, has submitted on 09/03/2007 a cross-site-scripting XSS vulnerability affecting www.warnexus.net, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/03/2007. It is currentl...
Unfixed XSS vulnerability at www.netvoyager.ca
Security researcher zuppergazi, has submitted on 09/03/2007 a cross-site-scripting XSS vulnerability affecting www.netvoyager.ca, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/03/2007. It is current...
Unfixed XSS vulnerability at www.nobeo.fr
Security researcher zuppergazi, has submitted on 08/03/2007 a cross-site-scripting XSS vulnerability affecting www.nobeo.fr, which at the time of submission ranked 3219970 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/03/2007. It is...
Unfixed XSS vulnerability at bahrainevents.com
Security researcher zuppergazi, has submitted on 08/03/2007 a cross-site-scripting XSS vulnerability affecting bahrainevents.com, which at the time of submission ranked 13495 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/03/2007. It is...
Unfixed XSS vulnerability at www.optimus.kiev.ua
Security researcher zuppergazi, has submitted on 08/03/2007 a cross-site-scripting XSS vulnerability affecting www.optimus.kiev.ua, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/03/2007. It is...
Unfixed XSS vulnerability at www.maths.tcd.ie
Security researcher zuppergazi, has submitted on 08/03/2007 a cross-site-scripting XSS vulnerability affecting www.maths.tcd.ie, which at the time of submission ranked 24151 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/03/2007. It is...
Unfixed XSS vulnerability at www.wowcoldblood.com
Security researcher zuppergazi, has submitted on 08/03/2007 a cross-site-scripting XSS vulnerability affecting www.wowcoldblood.com, which at the time of submission ranked 6866981 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/03/2007. It i...
Information disclosure
Ripe Website Manager 0.8.9 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Unfixed XSS vulnerability at www.tr-clan.ca
Security researcher KaBuS, has submitted on 07/03/2007 a cross-site-scripting XSS vulnerability affecting www.tr-clan.ca, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/03/2007. It is currently...
phpmur-xss.txt
""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ Security Vulnerability Resear...