SUSE CVE-2006-5871
smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings...
Adobe Captivate Quiz Reporting Feature 'internalServerReporting.php' File Upload RCE
The Adobe Captivate application running on the remote web server is affected by a remote code execution vulnerability in the quiz reporting feature within the 'internalServerReporting.php' script due to improper sanitization and verification of uploaded files before placing them in a...
PhpGedView module.php pgvaction Parameter Traversal Local File Inclusion
The web server hosts PhpGedView, a web-based real estate listing management application written in PHP. The version of PhpGedView installed on the remote host fails to sanitize user input to the 'pgvaction' parameter of the 'module.php' script before using it to include PHP code. Regardless of...
RSForm! Component for Joomla! 'lang' Parameter Local File Include
The version of the RSForm! component for Joomla! running on the remote host is affected by a local file include vulnerability due to improper sanitization of user-supplied input to the 'lang' parameter before using it in the forme.php script to include PHP code. An unauthenticated, remote attacke...
OpenX Open Flash Chart ofc_upload_image.php File Upload Arbitrary Code Execution
The third-party Open Flash Chart component included with the version of OpenX hosted on the remote web server allows an unauthenticated attacker to upload arbitrary files to the affected system, by default in a web-accessible directory. While Nessus has not verified this, it is likely that an...
Scriptegrator Plugin for Joomla! 'files[]' Parameter Remote File Include
The version of the Core Design Scriptegrator plugin for Joomla! running on the remote host is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'files' parameter before using it in the cdscriptegrator/libraries/highslide/js/jsloader.php...
TinyBrowser Component for Joomla! 'tinybrowser_lang' Cookie Local File Include
The version of the TinyBrowser component for Joomla! running on the remote host is affected by a local file include vulnerability due to improper sanitization of user-supplied input to the 'tinybrowser_lang' cookie before using it in the tinymce/plugins/tinybrowser/folders.php script to include PH...
phpLDAPadmin < 1.2 Local File Inclusion
Jumi Component for Joomla! <= 2.0.5 Backdoor Detection
The version of Joomla! running on the remote host is affected by a backdoor that is part of a trojan installation of Jumi, a third-party component used for including custom code into Joomla!. An unauthenticated, remote attacker can exploit this backdoor, by using specially crafted input to the...
Acajoom Component for Joomla! <= 3.2.6 Backdoor Detection
Acajoom, a third-party component for Joomla! for managing mailing lists, newsletters, auto-responders, and other communications, is running on the remote host. This version of Acajoom is equal to or prior to 3.2.6. It is, therefore, affected by a backdoor in the self.acajoom.php script. An...
Jinzora name Parameter Local File Inclusion
The remote host is running Jinzora, a web-based media streaming and management system written in PHP. The version of Jinzora installed on the remote host fails to filter user-supplied input to the 'name' variable in the 'index.php' script when 'op' is set before using it to include PHP code...
ZABBIX < 1.6.3 Web Interface locales.php extlang[] Remote Code Execution
Coppermine Photo Gallery keysToSkip Parameter Overwrite
The version of Coppermine Photo Gallery installed on the remote host contains a flaw in the anti-register_globals protective code in 'include/init.inc.php'. Provided PHP's 'register_globals' setting is enabled, an unauthenticated, remote attacker can leverage this issue using a specially crafted...
Jaws language Parameter Multiple Local File Includes
Jaws, a Framework and Content Management System for building dynamic websites, is installed on the remote system. The installed version fails to filter input to the 'language' parameter before using it to include PHP code in '/upgrade/index.php' and '/install/index.php'. Regardless of PHP's...
OpenX fc.php MAX_type Parameter Traversal Local File Inclusion
The remote host is running OpenX, formerly Openads, an open source ad serving application written in PHP. The installed version of OpenX does not validate user-supplied input to the 'MAX_type' parameter of the 'www/delivery/fc.php' script before using it in a PHP 'include' function. Regardless of...
XOOPS Multiple Scripts mydirname Parameter Arbitrary Command Injection
The version of XOOPS installed on the remote host fails to filter user-supplied input to the 'mydirname' parameter of the 'onupdate.php', 'notification.php', and 'oninstall.php' scripts under the application's 'xoopslib/modules/protector' directory before passing it to PHP 'eval' functions...
XStandard Lite Plugin for Joomla! X_CMS_LIBRARY_PATH Header Directory Traversal
The version of Joomla! running on the remote host is distributed with a WYSIWYG editor plugin known as XStandard Lite. This plugin is affected by an information disclosure vulnerability in the attachmentlibrary.php script due to improper sanitization of user-supplied input to the X_CMS_LIBRARY_PATH...
Moodle 'filter/tex/texed.php' 'pathname' Parameter Remote Command Execution
The version of Moodle installed on the remote host fails to sanitize user-supplied input to the 'pathname' parameter before using it in the 'filter/tex/texed.php' script in a command line that is passed to the shell. Provided that PHP's 'register_globals' setting and the TeX Notation filter has bot...
CMS Made Simple admin/login.php cms_language Cookie Local File Inclusion
The remote host is running CMS Made Simple, a content management system written in PHP. The version of CMS Made Simple installed on the remote host fails to sanitize user-supplied input to the 'cms_language' cookie when passed to the 'admin/login.php' script before using it to include PHP code...
Pligg settemplate.php template Parameter Local File Inclusion
The remote host is running Pligg, an open source content management system. The installed version of Pligg fails to sanitize the 'template' cookie before using it in 'config.php' to include PHP code. An unauthenticated, remote attacker can exploit this issue to view arbitrary files or even execut...