119 matches found
CVE-2007-1141
PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpscriptpath parameter. NOTE: This issue may overlap CVE-2006-0723...
Limbo CMS Module event 1.0 - Remote File Inclusion
Limbo CMS event module lmabsolutepath Remote File Include Vulnerabilities. Author: xoron. Vuln Code:...
CVE-2006-6113
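Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/adminauth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message. NOTE: this issue is only an exposure if the administrator has changed the defaul...
Web3news PHPSECURITYADMIN_PATH Variable Remote File Inclusion Vulnerability
Web3news is an open-source mail and newsgroup server. Web3news has an input validation vulnerability when handling user requests; a remote attacker may exploit it to execute arbitrary commands on the server with the privileges of the web process. Web3news does not properly validate input to the PHPSECURITYADMIN_PATH parameter in security/include/class.security.php, allowing a remote attacker to execute arbitrary code by including arbitrary files from local and external resources. A successful attack requires register_globals to be enabled. Web3King Web3news = v0.95 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...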
Open Meetings Filing Application - Remote File Inclusion
Open Meetings Filing Application - Remote File Inclusion. Open Meetings Filing Application PROJECTROOT Remote File Include Vulnerability...
BrudaGB <= v1.1 (o) Remote File Inclusion Exploit
BrudaGB <= v1.1 (o) Remote File Inclusion Exploit. Critical Level : Dangerous. Vendor site :...
BrudaGB <= 1.1 (admin/index.php) Remote File Include Vulnerability
No description provided by source. BrudaGB <= v1.1 (o) Remote File Inclusion Exploit. Critical Level : Dangero...
Popper <= v1.41 (form) Remote File Inclusion Exploit
Popper <= v1.41 (form) Remote File Inclusion Exploit. Critical Level : Dangerous. Vendor site :...
yappa-ng <= v2.3.1 (admin_modules) Remote File Inclusion Exploit
yappa-ng <= v2.3.1 (admin_modules) Remote File Inclusion Exploit. Critical Level : Dangerous. Vendor site :...
Yappa-ng 2.3.1 - 'admin_modules' Remote File Inclusion
yappa-ng <= v2.3.1 (admin_modules) Remote File Inclusion Exploit. Critical Level : Dangerous. Vendor site :...
ExBB Italian version <= v2.0 (home_path) Remote File Inclusion Exploit
ExBB Italian version <= v2.0 (home_path) Remote File Inclusion Exploit. Critical Level : Dangerous. Vendor site...
PT-2006-5223 · Phpdig +1 · Phpdig +1
Name of the Vulnerable Software and Affected Versions: Jetbox CMS version 2.1 Description: The issue concerns a remote file inclusion vulnerability. It allows remote attackers to execute arbitrary PHP code via a URL in the relative script path parameter. This is a different vector from a previous...
dieselpay.txt
NightWarrior nightwarrior-athotmail.com DieselPay İndex.php Cross-Site Scripting Vulnerability Contact : nightwarrior-athotmail.com homepage : www.dieselscripts.com http://www.example.com/Script Path/index.php?read=XSS...
dieselpaid.txt
NightWarrior nightwarrior-athotmail.com Diesel Paid Mail getad.php Cross-Site Scripting Vulnerability Contact : nightwarrior-athotmail.com homepage : www.dieselscripts.com http://www.example.com/Script Path/site/getad.php?refid=&email=default&ps=XSS...
diesel.txt
NightWarrior nightwarrior-athotmail.com Diesel Job Site forgot.php Cross-Site Scripting Vulnerability Contact : nightwarrior-athotmail.com homepage : www.dieselscripts.com http://www.example.com/Script Path/jobseekers/forgot.php?uname=XSS&fu=Submit http://www.example.com/Script...
DieselPay İndex.php Cross-Site Scripting Vulnerability
NightWarriorKurdish Hacker nightwarrior-athotmail.com DieselPay İndex.php Cross-Site Scripting Vulnerability Contact : nightwarrior-athotmail.com homepage : www.dieselscripts.com http://www.example.com/Script Path/index.php?read=XSS...
Fantastic News <= 2.1.3 (script_path) Remote File Include Vulnerability
Exploit for unknown platform in category web applications. Fantastic News <= 2.1.3 (script_path) Remote File Include Vulnerability...
security flaw
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree...
Apache Web Server ap_log_rerror() function discloses full path to CGI script
Overview: There is a vulnerability in Apache 2.0 through 2.035 that could disclose the real path to a CGI script or other file. Description: A vulnerability in the Apache web server could disclose sensitive information. Quoting from the Apache Change Log: [Security] Added the APLOG_TOCLIENT flag to...