Lucene search
+L

247 matches found

Tenable Nessus
Tenable Nessus
added 2010/01/07 12:0 a.m.19 views

phpLDAPadmin < 1.2 Local File Inclusion

Binary data 5291.prm...

7.5CVSS7.3AI score0.09996EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2009/11/16 12:0 a.m.18 views

Jumi Component for Joomla! <= 2.0.5 Backdoor Detection

The version of Joomla! running on the remote host is affected by a backdoor that is part of a trojan installation of Jumi, a third-party component used for including custom code into Joomla!. An unauthenticated, remote attacker can exploit this backdoor, by using specially crafted input to the...

6.2AI score
Exploits0References2
Ubuntu
Ubuntu
added 2009/06/24 8:0 p.m.109 views

USN-791-1: Moodle vulnerabilities

Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. CVE-2007-3215 Nigel McNie discovered that fetching https URLs di...

10CVSS8.3AI score0.54003EPSS
Exploits23
Tenable Nessus
Tenable Nessus
added 2009/06/23 12:0 a.m.39 views

Acajoom Component for Joomla! <= 3.2.6 Backdoor Detection

Acajoom, a third-party component for Joomla! for managing mailing lists, newsletters, auto-responders, and other communications, is running on the remote host. This version of Acajoom is equal or prior to 3.2.6. It is, therefore, affected by a backdoor in the self.acajoom.php script. An...

6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/05/27 12:0 a.m.32 views

WP-Lytebox 'pg' Parameter Local File Inclusion

The remote host is running WP-Lytebox, a plugin for WordPress that uses Lytebox to add a lightbox functionality to HTML content. The version of WP-Lytebox installed on the remote host fails to filter user-supplied input to the 'pg' parameter of the 'main.php' script before using it to include PHP...

7.5CVSS6.3AI score0.09083EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2009/04/07 12:0 a.m.44 views

Jinzora name Parameter Local File Inclusion

The remote host is running Jinzora, a web-based media streaming and management system written in PHP. The version of Jinzora installed on the remote host fails to filter user-supplied input to the 'name' variable in the 'index.php' script when 'op' is set before using it to include PHP code...

7.5CVSS6.2AI score0.02392EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2009/03/09 12:0 a.m.17 views

ZABBIX < 1.6.3 Web Interface locales.php extlang[] Remote Code Execution

Binary data 4951.prm...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2009/03/04 12:0 a.m.32 views

Coppermine Photo Gallery keysToSkip Parameter Overwrite

The version of Coppermine Photo Gallery installed on the remote host contains a flaw in the anti-registerglobals protective code in 'include/init.inc.php'. Provided PHP's 'registerglobals' setting is enabled, an unauthenticated, remote attacker can leverage this issue using a specially crafted...

6.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2009/02/06 12:0 a.m.31 views

Jaws language Parameter Multiple Local File Includes

Jaws, a Framework and Content Management System for building dynamic websites, is installed on the remote system. The installed version fails to filter input to the 'language' parameter before using it to include PHP code in '/upgrade/index.php' and '/install/index.php'. Regardless of PHP's...

6.5CVSS6.3AI score0.06278EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2009/01/30 12:0 a.m.34 views

OpenX fc.php MAX_type Parameter Traversal Local File Inclusion

The remote host is running OpenX formerly Openads, an open source ad serving application written in PHP. The installed version of OpenX does not validate user-supplied input to the 'MAXtype' parameter of the 'www/delivery/fc.php' script before using it in a PHP 'include' function. Regardless of...

7.5CVSS6.3AI score0.07037EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2009/01/09 12:0 a.m.21 views

XOOPS Multiple Scripts mydirname Parameter Arbitrary Command Injection

The version of XOOPS installed on the remote host fails to filter user-supplied input to the 'mydirname' parameter of the 'onupdate.php', 'notification.php', and 'oninstall.php' scripts under the application's 'xoopslib/modules/protector' directory before passing it to PHP 'eval' functions...

6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/01/08 12:0 a.m.71 views

XStandard Lite Plugin for Joomla! X_CMS_LIBRARY_PATH Header Directory Traversal

The version of Joomla! running on the remote host is distributed with a WYSIWYG editor plugin known as XStandard Lite. This plugin is affected by an information disclosure vulnerability in the attachmentlibrary.php script due to improper sanitization of user-supplied input to the XCMSLIBRARYPATH...

5CVSS5.5AI score0.06577EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2008/12/14 12:0 a.m.18 views

Moodle 'filter/tex/texed.php' 'pathname' Parameter Remote Command Execution

The version of Moodle installed on the remote host fails to sanitize user-supplied input to the 'pathname' parameter before using it in the 'filter/tex/texed.php' script in a commandline that is passed to the shell. Provided that PHP's 'registerglobals' setting and the TeX Notation filter has bot...

6.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2008/12/01 12:0 a.m.46 views

CMS Made Simple admin/login.php cms_language Cookie Local File Inclusion

The remote host is running CMS Made Simple, a content management system written in PHP. The version of CMS Made Simple installed on the remote host fails to sanitize user-supplied input to the 'cmslanguage' cookie when passed to the 'admin/login.php' script before using it to include PHP code...

5CVSS6.1AI score0.08934EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2008/09/26 12:0 a.m.18 views

MailWatch for MailScanner mailscanner/docs.php doc Parameter Traversal Local File Inclusion

The remote host is running MailWatch for MailScanner, a web-based front-end to MailScanner written in PHP. The version of MailWatch for MailScanner installed on the remote host fails to sanitize user-supplied input to the 'doc' parameter of the 'docs.php' script before using it to include PHP cod...

7.5CVSS6.1AI score0.05937EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2008/08/08 12:0 a.m.1033 views

Pligg settemplate.php template Parameter Local File Inclusion

The remote host is running Pligg, an open source content management system. The installed version of Pligg fails to sanitize the 'template' cookie before using it in 'config.php' to include PHP code. An unauthenticated, remote attacker can exploit this issue to view arbitrary files or even execut...

7.8CVSS6.1AI score0.08298EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2008/07/18 12:0 a.m.19 views

fuzzylime (cms) comssrss.php files[] Parameter Traversal Local File Inclusion

The remote host is running fuzzylime cms, a PHP-based content management system. The version of fuzzylime cms installed on the remote host fails to sanitize user-supplied input to the 'files' parameter of the 'commsrss.php' script before using it to include PHP code. Regardless of PHP's...

10CVSS6.5AI score0.08557EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2008/07/02 12:0 a.m.19 views

Wordtrans-web exec_wordtrans Function Arbitrary Command Execution

The remote host is running wordtrans-web, a web-based front-end for wordtrans, for translating words. The version of wordtrans-web installed on the remote host fails to sanitize input to the 'advanced' parameter of the 'wordtrans.php' script before using it in an 'passthru' statement to execute P...

5.8AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2008/05/02 12:0 a.m.26 views

ActualAnalyzer Lite style Parameter Traversal Local File Inclusion

The remote host is running ActualAnalyzer, a PHP-based tool for monitoring website traffic. The version of ActualAnalyzer installed on the remote host fails to sanitize user-supplied input to the 'style' parameter of the 'admin.php' script before using it to include PHP code. Regardless of PHP's...

7.5CVSS6.1AI score0.06288EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2008/01/24 12:0 a.m.43 views

MoinMoin MOIN_ID Cookie userform Action Traversal Arbitrary File Overwrite

The remote host is running MoinMoin, a wiki application written in Python. The version of MoinMoin installed on the remote host fails to validate input to the 'MOINID' cookie before using it to read and write user profiles. By providing the name of a file that exists on the remote host and is...

5CVSS5.9AI score0.14787EPSS
Exploits0References2
Rows per page
Query Builder