25 matches found
EUVD-2006-2049
Malware in sbrugna...
EUVD-2006-1813
Malware in sbrugna...
EUVD-2006-1812
Malware in sbrugna...
PHPWebFTP 3.3b Cross Site Scripting
PHPWebFTP ver 3.3b - xss vulnerability , by NA. NA at tutanota.com Vendor has notified Description ---------------- phpWebFTP enables connections to FTP servers, even behind a firewall not allowing traffic. phpWebFTP bypasses the firewall by making a FTP connection from your web server to the FTP...
PHPWebFTP 2.3 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/17688/info phpWebFTP is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input using the HTTP 'POST' method when submitting a...
FreeBSD Ports: phpwebftp
The remote host is missing an update to the system as announced in the referenced advisory. VID d9dc2697-dadf-11da-912f-00123ffe8333 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
FreeBSD Ports: phpwebftp
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD : phpwebftp -- 'language' Local File Inclusion (d9dc2697-dadf-11da-912f-00123ffe8333)
Secunia reports : phpWebFTP have a vulnerability, which can be exploited by malicious people to disclose sensitive information. Input passed to the 'language' parameter in index.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 port, 2 server, and 3 user parameters. NOTE: it is possible that the affected version is actually 3.2...
CVE-2006-2048
Multiple cross-site scripting XSS vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 port, 2 server, and 3 user parameters. NOTE: it is possible that the affected version is actually 3.2...
CVE-2006-2048
CVE-2006-2048 concerns PHPWebFTP (Edwin van Wijk) version 2.3 with potential 3.2, describing multiple XSS in index.php. The vulnerability allows remote attackers to inject arbitrary web script/HTML via the (1) port, (2) server, and (3) user parameters. NVD metrics show a CVSS v2 base score of 4.3...
CVE-2006-2048
Multiple cross-site scripting XSS vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 port, 2 server, and 3 user parameters. NOTE: it is possible that the affected version is actually 3.2...
PHPWebFTP 2.3 - Multiple Cross-Site Scripting Vulnerabilities
PHPWebFTP 2.3 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/17688/info phpWebFTP is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input using the HTTP 'POST'...
PHPWebFTP 2.3 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/17688/info phpWebFTP is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input using the HTTP 'POST' method when submitting a malicious URI. An attacker may levera...
PhpWebFtp Cross Site Scripting Vulnerability
Summary =============================================== phpWebFTP enables connections to FTP servers, even behind a firewall not allowing traffic. phpWebFTP bypasses the firewall by making a FTP connection from your webserver to the FTP server and transfering the files to your webclient over the...
Improper access control
phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information...
CVE-2006-1813
Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the language parameter...
CVE-2006-1812
phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information...
CVE-2006-1812
phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information...
CVE-2006-1813
CVE-2006-1813 : Affected software is phpWebFTP, affected versions 3.2 and earlier. The root cause is a local file inclusion vulnerability in the index.php script where the user-controlled language parameter is used in an include() without proper validation. This allows an unauthenticated attacker...