CVE-2006-6225
Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the CONFpath parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5)...
EUVD-2006-6208
Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the CONFpath parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5)...
Solaris 10 (x86) : 119116-35 (deprecated)
Mozilla 1.7x86 patch. Date this patch was last updated by Sun: Aug/05/09. This plugin has been deprecated and either replaced with individual 119116 patch-revision plugins, or deemed non-security related. (C) Tenable Network Security, Inc. Disabled on 2018/03/12...
CVE-2006-4971
CVE-2006-4971 affects MyBB (MyBulletinBoard). A direct request to inc/plugins/hello.php allows remote attackers to trigger an error message that reveals the server path, exposing sensitive information. Impact: partial confidentiality. CVSS v2 base score: 5.0 (MEDIUM). The supplied documents do n...
PT-2006-5350 · Bob Jewell · Bob Jewell Discloser
Name of the Vulnerable Software and Affected Versions: Bob Jewell Discloser version 0.0.4 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the type parameter in the plugins/plugins.php file. However, there is a dispute about whether an attacker can control...
Sonium Enterprise Adressbook 0.2 - folder Include
Sonium Enterprise Adressbook 0.2 - folder Include. Sonium Enterprise Adressbook Version 0.2 folder RFI. Original advisory: http://www.bb-pcsecurity.de/Websecurity/342/org/SoniumEnterpriseAdressbookVersion0.2folderRFI.ht...
GLSA-200608-19 : WordPress: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-200608-19 (WordPress: Privilege escalation). The WordPress developers have confirmed a vulnerability in capability checking for plugins. Impact: By exploiting a flaw, a user can circumvent WordPress access restrictions when using...
security flaw
The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is use...
farsinews.txt
if magic_quotes_gpc is Off in php.ini then local file inclusion in /jscripts/tinymce/tinymcegzip.php is available to use!! why? code: jscripts/tinymce/tinymcegzip.php ... $theme = isset($_REQUEST['theme']) ? $_REQUEST['theme'] : ""; $language = isset($_REQUEST['language']) ? $_REQUEST['language'] : ""; $plugins =...
CentOS 3 : mozilla (CESA-2005:384)
Updated Mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bu...
CVE-2006-2196
Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges...
DEBIAN-CVE-2006-2196
Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges...
DSA-1102 pinball - design error
Bulletin has no description...
CVE-2006-3172
Multiple PHP remote file inclusion vulnerabilities in ContentBuilder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL with a trailing slash (/) character in the (1) langpath parameter to (a) cms/plugins/colman/column.inc.php, (b) cms/plugins/poll/poll.inc.php, (c)...
PT-2006-3760 · Squirrelmail +1 · Squirrelmail +1
Name of the Vulnerable Software and Affected Versions: SquirrelMail versions 1.4.6 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter, under specific conditions where register globals is enabled and magic quotes gpc is...
Squirrelmail local file inclusion
Squirrelmail local file inclusion bug in functions/plugin.php. Tested on the latest 1.4.x version. No authentication needed. if (isset($plugins) && is_array($plugins)) foreach ($plugins as $name) use_plugin($name); ... function use_plugin ($name) { if (file_exists(SM_PATH . "plugins/$name/setup.php")) include_once(SM_PAT...
Multiple Adobe Macromedia Flash products vulnerabilities
Multiple vulnerabilities, including standard browser's plugins. Can be used for silent malware installation...
Security fix for the ALT Linux 9 package openvpn version 2.0.6-alt1
April 6, 2006 Nikolay A. Fetisov 2.0.6-alt1 - New version 2.0.6 -- Security fixes for CVE-2005-3393, CVE-2005-3409, CVE-2006-1629 -- several minor bug fixes and improvements, see ChangeLog for details - Adding README.ALT - Updating init.d script - Building and packaging plugins...
FTP Service Allows Any Username
The FTP service can be accessed using any username and password. Many other FTP plugins may trigger falsely because of this, so the scanner enables some countermeasures. SPDX-FileCopyrightText: 2005 Digital Defense Inc. Some text descriptions might be excerpted from a referenced source, and are...