PHP4dvd - config.php PHP Code Injection
PHP4dvd - config.php PHP Code Injection source: https://www.securityfocus.com/bid/60257/info php4dvd is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a...
PHP4dvd - 'config.php' PHP Code Injection
source: https://www.securityfocus.com/bid/60257/info php4dvd is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the...
phpCollab 2.5 - Direct Request Multiple Protected Page Access
phpCollab 2.5 - Direct Request Multiple Protected Page Access source: https://www.securityfocus.com/bid/53675/info phpCollab is prone to an unauthorized-access and an arbitrary-file-upload vulnerabilities. Attackers can leverage these issues to gain unauthorized access to application data and to...
PHP Address Book Multiple XSS Vulnerabilities
PHP Address Book is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Novell Client 4.91 SP3/4 Privilege Escalation
Novell Client 4.91 SP3/4 Privilege escalation exploit Download link: http://download.novell.com/Download?buildid=SyZ1G2ti7wU SecurityFocus: http://www.securityfocus.com/bid/27209/info CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5762 Patch:...
PHP <= 5.4.3 RCE Vulnerability - Windows
PHP is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if descripti...
Novell Client 4.91 SP4 - Local Privilege Escalation
Novell Client 4.91 SP4 - Local Privilege Escalation Novell Client 4.91 SP3/4 Privilege escalation exploit Download link: http://download.novell.com/Download?buildid=SyZ1G2ti7wU SecurityFocus: https://www.securityfocus.com/bid/27209/info CVE:...
Novell Client 4.91 SP4 - Local Privilege Escalation
Novell Client 4.91 SP3/4 Privilege escalation exploit Download link: http://download.novell.com/Download?buildid=SyZ1G2ti7wU SecurityFocus: https://www.securityfocus.com/bid/27209/info CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5762 Patch:...
concrete5 index.php/tools/required/files/add_to searchInstance Parameter XSS
concrete5 index.php/tools/required/files/add_to searchInstance Parameter XSS. Webapps exploit for php platform source: http://www.securityfocus.com/bid/53640/info Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input. 1. Multiple cross-site...
concrete5 index.php/tools/required/files/bulk_properties searchInstance Parameter XSS
concrete5 index.php/tools/required/files/bulk_properties searchInstance Parameter XSS. Webapps exploit for php platform source: http://www.securityfocus.com/bid/53640/info Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input. 1. Multiple...
concrete5 index.php/tools/required/files/import Multiple Parameter XSS
concrete5 index.php/tools/required/files/import Multiple Parameter XSS. Webapps exploit for php platform source: http://www.securityfocus.com/bid/53640/info Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input. 1. Multiple cross-site scripting...
Concrete5 CMS FlashUploader - Arbitrary '.SWF' File Upload
source: https://www.securityfocus.com/bid/53640/info Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input. 1. Multiple cross-site scripting vulnerabilities 2. An arbitrary-file-upload vulnerability 3. A denial-of-service vulnerability An...
Symantec Web Gateway 'relfile' Parameter Directory Traversal Vulnerability
Symantec Web Gateway is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
GetSimple CMS 3.1 admin/pages.php error Parameter Reflected XSS
GetSimple CMS 3.1 admin/pages.php error Parameter Reflected XSS. CVE-2012-6621. Webapps exploit for php platform source: http://www.securityfocus.com/bid/53501/info GetSimple CMS is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplie...
CVE-2012-2329 PHP Apache Request Headers
Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: ...
Trombinoscope 3.x - 'photo.php' Server SQL Injection
source: https://www.securityfocus.com/bid/53398/info Trombinoscope is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
Symantec Web Gateway 'l' Parameter Cross Site Scripting Vulnerability
Symantec Web Gateway is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
FreePBX callmenum Remote Code Execution
Added: 05/02/2012 BID: 52630 OSVDB: 80544 Background FreePBX is an open source telephony front-end, which has an easy to use graphical user interface that controls and manages Asterisk. Problem FreePBX fails to properly sanitize user-supplied input passed to 'callmenum' parameter in...
MySQLDumper 1.24.4 - menu.php PHP Remote Code Execution
MySQLDumper 1.24.4 - menu.php PHP Remote Code Execution source: https://www.securityfocus.com/bid/53310/info MySQLDumper is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to...
gpEasy 2.3.3 - jsoncallback Cross-Site Scripting
gpEasy 2.3.3 - jsoncallback Cross-Site Scripting source: https://www.securityfocus.com/bid/53269/info gpEasy is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...