161 matches found
CVE-2006-1507
Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php...
CVE-2006-1507
CVE-2006-1507 is a documented cross-site scripting (XSS) flaw in PHPKIT 1.6.03. The vulnerability allows remote attackers to inject arbitrary script or HTML via the error parameter to include.php, with a potential root cause in login/login.php. The available sources (NVD/CVE record, CVE listings)...
CVE-2006-1507
Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php...
XSS in PHPKIT Version 1.6.03
http://www.example.com/include.php?path=login/login.php&error=scriptalertdocument.Cookie/script Discovered by BadNet !!!!...
phpkit_161r2_incl_xpl.txt
---------- PHPKit = v.1.6.1 release 2 remote code execution ------------------- software: site: www.phpkit.de description: a Content Management / homepage / community building software written in PHP language --------------------------------------------------------------------------------...
Path traversal
Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive...
Design/Logic Flaw
Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://"...
CVE-2006-0785
Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive...
CVE-2006-0786
Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://"...
CVE-2006-0785
Absolute path traversal vulnerability in include.php of PHPKIT
CVE-2006-0785
Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive...
CVE-2006-0786
Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://"...
CVE-2006-0786
The CVE-2006-0786 entry concerns PHP-Kit prior to 1.6.1 Release 2, where include.php contains an incomplete blacklist vulnerability. When allow_url_fopen is enabled, an attacker can perform PHP remote file include attacks by passing a path parameter that points to a (1) UNC share or (2) ftps URL,...
PHPKIT >= 1.6.1r2 arbitrary local/remote inclusion (unproperly patched in previous versions)
---------- PHPKit = v.1.6.1 release 2 remote code execution ------------------- software: site: www.phpkit.de description: a Content Management / homepage / community building software written in PHP language --------------------------------------------------------------------------------...
PHPKIT 1.6.1R2 - filecheck Remote Command Execution
PHPKIT 1.6.1R2 - filecheck Remote Command Execution works with allow_url_fopen = On usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "All men can see the tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." also if magic_quotes_gpc =...
PHPKIT 1.6.1R2 - 'filecheck' Remote Command Execution
works with allow_url_fopen = On usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "All men can see the tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." also if magic_quotes_gpc = Off, you can view any file on target system by null...
PHPKIT <= 1.6.1R2 (filecheck) Remote Commands Execution Exploit
No description provided by source. ?php ---PHPKIT161r2inclxpl.php 4.27 16/02/2006 PHPKIT = 1.6.1R2 remote commands execution exploit coded by rgod site: http://retrogod.altervista.org - works with allow_url_fopen = On usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "All men c...
CVE-2005-4424
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00...
CVE-2005-4424
CVE-2005-4424 affects PHP-Kit up to version 1.6.1 R2. The vulnerability is a directory-traversal flaw in the path parameter that, combined with a %00 (null byte) at the end of a filename (e.g., avatar.png%00), enables remote authenticated users to execute arbitrary PHP code. Documented impact ind...