247 matches found
phpLDAPadmin < 1.2 Local File Inclusion
Binary data 5291.prm...
Jumi Component for Joomla! <= 2.0.5 Backdoor Detection
The version of Joomla! running on the remote host is affected by a backdoor that is part of a trojan installation of Jumi, a third-party component used for including custom code into Joomla!. An unauthenticated, remote attacker can exploit this backdoor, by using specially crafted input to the...
USN-791-1: Moodle vulnerabilities
Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. CVE-2007-3215 Nigel McNie discovered that fetching https URLs di...
Acajoom Component for Joomla! <= 3.2.6 Backdoor Detection
Acajoom, a third-party component for Joomla! for managing mailing lists, newsletters, auto-responders, and other communications, is running on the remote host. This version of Acajoom is equal or prior to 3.2.6. It is, therefore, affected by a backdoor in the self.acajoom.php script. An...
WP-Lytebox 'pg' Parameter Local File Inclusion
The remote host is running WP-Lytebox, a plugin for WordPress that uses Lytebox to add a lightbox functionality to HTML content. The version of WP-Lytebox installed on the remote host fails to filter user-supplied input to the 'pg' parameter of the 'main.php' script before using it to include PHP...
Jinzora name Parameter Local File Inclusion
The remote host is running Jinzora, a web-based media streaming and management system written in PHP. The version of Jinzora installed on the remote host fails to filter user-supplied input to the 'name' variable in the 'index.php' script when 'op' is set before using it to include PHP code...
ZABBIX < 1.6.3 Web Interface locales.php extlang[] Remote Code Execution
Binary data 4951.prm...
Coppermine Photo Gallery keysToSkip Parameter Overwrite
The version of Coppermine Photo Gallery installed on the remote host contains a flaw in the anti-registerglobals protective code in 'include/init.inc.php'. Provided PHP's 'registerglobals' setting is enabled, an unauthenticated, remote attacker can leverage this issue using a specially crafted...
Jaws language Parameter Multiple Local File Includes
Jaws, a Framework and Content Management System for building dynamic websites, is installed on the remote system. The installed version fails to filter input to the 'language' parameter before using it to include PHP code in '/upgrade/index.php' and '/install/index.php'. Regardless of PHP's...
OpenX fc.php MAX_type Parameter Traversal Local File Inclusion
The remote host is running OpenX formerly Openads, an open source ad serving application written in PHP. The installed version of OpenX does not validate user-supplied input to the 'MAXtype' parameter of the 'www/delivery/fc.php' script before using it in a PHP 'include' function. Regardless of...
XOOPS Multiple Scripts mydirname Parameter Arbitrary Command Injection
The version of XOOPS installed on the remote host fails to filter user-supplied input to the 'mydirname' parameter of the 'onupdate.php', 'notification.php', and 'oninstall.php' scripts under the application's 'xoopslib/modules/protector' directory before passing it to PHP 'eval' functions...
XStandard Lite Plugin for Joomla! X_CMS_LIBRARY_PATH Header Directory Traversal
The version of Joomla! running on the remote host is distributed with a WYSIWYG editor plugin known as XStandard Lite. This plugin is affected by an information disclosure vulnerability in the attachmentlibrary.php script due to improper sanitization of user-supplied input to the XCMSLIBRARYPATH...
Moodle 'filter/tex/texed.php' 'pathname' Parameter Remote Command Execution
The version of Moodle installed on the remote host fails to sanitize user-supplied input to the 'pathname' parameter before using it in the 'filter/tex/texed.php' script in a commandline that is passed to the shell. Provided that PHP's 'registerglobals' setting and the TeX Notation filter has bot...
CMS Made Simple admin/login.php cms_language Cookie Local File Inclusion
The remote host is running CMS Made Simple, a content management system written in PHP. The version of CMS Made Simple installed on the remote host fails to sanitize user-supplied input to the 'cmslanguage' cookie when passed to the 'admin/login.php' script before using it to include PHP code...
MailWatch for MailScanner mailscanner/docs.php doc Parameter Traversal Local File Inclusion
The remote host is running MailWatch for MailScanner, a web-based front-end to MailScanner written in PHP. The version of MailWatch for MailScanner installed on the remote host fails to sanitize user-supplied input to the 'doc' parameter of the 'docs.php' script before using it to include PHP cod...
Pligg settemplate.php template Parameter Local File Inclusion
The remote host is running Pligg, an open source content management system. The installed version of Pligg fails to sanitize the 'template' cookie before using it in 'config.php' to include PHP code. An unauthenticated, remote attacker can exploit this issue to view arbitrary files or even execut...
fuzzylime (cms) comssrss.php files[] Parameter Traversal Local File Inclusion
The remote host is running fuzzylime cms, a PHP-based content management system. The version of fuzzylime cms installed on the remote host fails to sanitize user-supplied input to the 'files' parameter of the 'commsrss.php' script before using it to include PHP code. Regardless of PHP's...
Wordtrans-web exec_wordtrans Function Arbitrary Command Execution
The remote host is running wordtrans-web, a web-based front-end for wordtrans, for translating words. The version of wordtrans-web installed on the remote host fails to sanitize input to the 'advanced' parameter of the 'wordtrans.php' script before using it in an 'passthru' statement to execute P...
ActualAnalyzer Lite style Parameter Traversal Local File Inclusion
The remote host is running ActualAnalyzer, a PHP-based tool for monitoring website traffic. The version of ActualAnalyzer installed on the remote host fails to sanitize user-supplied input to the 'style' parameter of the 'admin.php' script before using it to include PHP code. Regardless of PHP's...
MoinMoin MOIN_ID Cookie userform Action Traversal Arbitrary File Overwrite
The remote host is running MoinMoin, a wiki application written in Python. The version of MoinMoin installed on the remote host fails to validate input to the 'MOINID' cookie before using it to read and write user profiles. By providing the name of a file that exists on the remote host and is...