2326 matches found
Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
This host is running Andy's PHP Knowledgebase and is prone to a remote PHP code execution vulnerability. OpenVAS Vulnerability Test $Id: secpodaphpkbcodeexecvuln.nasl 5840 2017-04-03 12:02:24Z cfi $ Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability Authors: Sooraj KS...
Andy's PHP Knowledgebase < 0.95.6 'step5.php' Remote PHP Code Execution Vulnerability - Active Check
Andy SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:aphpkb:aphpkb"; if(description) { script_oid("1.3.6.1.4.1.25623.1.0.902519");...
Nmap NSE net: domino-enum-users
This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Vordel Gateway <= 6.0.3 Directory Traversal Vulnerability - Active Check
Vordel Gateway is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
Ajax Chat 1.0 - 'ajax-chat.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47953/info Ajax Chat is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context ...
TWiki 5.0.1 - 'origurl' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47899/info TWiki is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
AVS Ringtone Maker 1.6.1 - '.au' File Remote Buffer Overflow
source: https://www.securityfocus.com/bid/47851/info AVS Ringtone Maker is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers may leverage this issue to execute arbitrary code in the context of the application...
VLC Media Player 'Bookmark Creation' Buffer Overflow Vulnerability - Linux
VLC Media Player is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
FTP Service AUTH TLS Plaintext Command Injection
The remote FTP server contains a software flaw in its AUTH TLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could permit an attacker to...
EmbryoCore 1.03 - index.php SQL Injection
source: https://www.securityfocus.com/bid/47763/info EmbryoCore is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Getsimple CMS 3.0 - 'set' Local File Inclusion
source: https://www.securityfocus.com/bid/47767/info GetSimple is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in...
LDAP Account Manager 'selfserviceSaveOk' Parameter Cross Site Scripting Vulnerability
LDAP Account Manager is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
YaPiG 0.95 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/47698/info YaPIG is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
OpenMyZip 0.1 - '.zip' Remote Buffer Overflow
source: https://www.securityfocus.com/bid/47678/info OpenMyZip is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will...
Kusaba X Multiple Cross Site Scripting Vulnerabilities
Kusaba X is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
phpGraphy <= 0.9.13b XSS Vulnerability - Active Check
phpGraphy is prone to a cross-site scripting (XSS) vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
DynMedia Pro Web CMS 'downloadfile.php' Local File Disclosure Vulnerability
DynMedia Pro Web CMS is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application...
Qianbo Enterprise Web Site Management System XSS Vulnerability (Apr 2011)
Qianbo Enterprise Web Site Management System is prone to a cross-site scripting (XSS) vulnerability because it fails to sufficiently sanitize user-supplied data. Copyright (C) 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
eXPert PDF 7.0.880.0 - '.pj' Heap Buffer Overflow
source: https://www.securityfocus.com/bid/47571/info eXPert PDF is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. An attacker could exploit this issue to execute arbitrary code...
LightNEasy 3.2.3 - 'userhandle' Cookie SQL Injection
source: https://www.securityfocus.com/bid/47541/info LightNEasy is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...