27 matches found
phpSlash account hijacking vulnerability
Sysdream && Serial Savate System. advisory --------------------------------------- xxxxxxxxxxx6.adv.en Program : PHPSLASH Homepage : http://www.php-slash.org Author Contacted : 05/may/2005 Author's Answer : 06/may/2005 joestewart Version tested : 0.7.1, 0.7.2, 0.8., dev Found by : crashfr at...
CVE-2001-1334
PHPSlash 0.6.1 contains a vulnerability in Block_render_url.class that allows remote attackers with PHPSlash administrator privileges to read arbitrary files. By creating a block and specifying the target file as the source URL, an authenticated admin can exfiltrate local files. The CVE entry pro...
CVE-2001-1334
Blockrenderurl.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL...
CVE-2001-1334
Blockrenderurl.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL...
PHPSlash : potential vulnerability in URL blocks
sAvAte inc. Serial Savate System advisory --------------------------------------- xxxxxxxxxxx2.adv.en Program: PHPSLASH Homepage: http://www.phpslash.org Author Contacted: 15/apr/2001 Answer: 16/apr/2001 ajayrockrock Patch : 16/apr/2001 Version tested: 0.6.1 Found by : tobozo - Problem descriptio...
PHPSlash 0.5.3 20.6.1 - URL Block Arbitrary File Disclosure
PHPSlash 0.5.3 20.6.1 - URL Block Arbitrary File Disclosure source: https://www.securityfocus.com/bid/2724/info PHPSlash is a widely used open source Groupware utility. PHPSlash contains a vulnerability which may disclose files readable to the webserver process on the underlying host to PHPSlash...
PHPSlash 0.5.3 2/0.6.1 - URL Block Arbitrary File Disclosure
source: https://www.securityfocus.com/bid/2724/info PHPSlash is a widely used open source Groupware utility. PHPSlash contains a vulnerability which may disclose files readable to the webserver process on the underlying host to PHPSlash users who can 'edit' URL blocks. Exploitation may result in...