Lucene search
+L

247 matches found

Tenable Nessus
Tenable Nessus
added 2006/10/03 12:0 a.m.19 views

OpenBiblio < 0.5.2 Multiple Scripts Local File Inclusion

The remote host is running OpenBiblio, a free, automated library system written in PHP. The version of OpenBiblio installed on the remote host fails to sanitize user-supplied input to the 'tab' and 'page' parameters of the 'shared/header.php' and 'shared/help.php' scripts, respectively before usi...

7.5CVSS6.1AI score0.01971EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2006/09/19 12:0 a.m.48 views

Exponent CMS index.php view Parameter Local File Inclusion

The remote host is running Exponent CMS, an open source content management system written in PHP. The version of Exponent CMS installed on the remote host fails to properly sanitize user-supplied input to the 'view' parameter before using it in the 'modules/calendarmodule/class.php' script to...

6.4CVSS6.2AI score0.06994EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2006/08/17 12:0 a.m.25 views

barracudeArbitrary.txt

Title: Barracuda Arbitrary File Disclosure Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair [email protected] Discovered on: 29 May 2006 Overview: Barracuda Spam...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/07/15 12:0 a.m.544 views

Mambo / Joomla! Component / Module 'mosConfig_absolute_path' Multiple Parameter Remote File Include Vulnerabilities

A third-party component for Mambo, Module, or Joomla! is running on the remote host. At least one of these components is a version that is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'mosConfigabsolutepath' parameter before using it t...

7.5CVSS6AI score0.37581EPSS
Exploits40References51
Tenable Nessus
Tenable Nessus
added 2006/05/23 12:0 a.m.47 views

XOOPS xoopsConfig Parameter Variable Overwrite Local File Inclusion

The version of XOOPS installed on the remote host allows an unauthenticated attacker to skip processing of the application's 'include/common.php' script and thereby to gain control of the variables '$xoopsConfiglanguage' and '$xoopsConfigthemeset', which are used by various scripts to include PHP...

5.1CVSS6.2AI score0.06351EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2006/04/17 12:0 a.m.26 views

phpWebFTP index.php language Parameter Local File Inclusion

The remote host is running phpWebFTP, a web-based FTP client written in PHP. The version of phpWebFTP installed on the remote host fails to sanitize user-supplied input to the 'language' parameter of the 'index.php' script before using it in a PHP 'include' function. An unauthenticated attacker m...

6.4CVSS6.3AI score0.01764EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2006/04/16 12:0 a.m.25 views

PAJAX < 0.5.2 Multiple Vulnerabilities

The remote host is running PAJAX, a PHP library for remote asynchronous objects in JavaScript. The version of PAJAX installed on the remote host fails to validate input to the 'pajax/pajaxcalldispatcher.php' script before using it in a PHP 'eval' function. An unauthenticated attacker can exploit...

7.5CVSS6AI score0.36127EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2006/04/08 12:0 a.m.36 views

GLSA-200604-02 : Horde Application Framework: Remote code execution

The remote host is affected by the vulnerability described in GLSA-200604-02 Horde Application Framework: Remote code execution Jan Schneider of the Horde team discovered a vulnerability in the help viewer of the Horde Application Framework that could allow remote code execution CVE-2006-1491. Pa...

7.5CVSS6.5AI score0.38441EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2006/03/16 12:0 a.m.302 views

Horde < 3.1 go.php url Parameter File Disclosure

Binary data 3477.prm...

5CVSS7AI score0.12174EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2006/03/03 12:0 a.m.54 views

Limbo CMS index.php Itemid Parameter Arbitrary Command Execution

The remote host is running Limbo CMS, a content-management system written in PHP. The installed version of Limbo fails to sanitize input to the 'Itemid' parameter before using it as part of a search string in an 'eval' statement in the 'classes/adodbt/readtable.php' script. Regardless of PHP's...

7.5CVSS6AI score0.03281EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2006/02/05 12:0 a.m.71 views

Loudblog backend_settings.php Multiple Parameter Remote File Inclusion

The remote host is running Loudblog, a PHP application for publishing podcasts and similar media files. The installed version of Loudblog fails to validate user input to the 'GLOBALSpath' and 'language' parameters before using them in the 'loudblog/inc/backendsettings.php' script in a PHP 'includ...

7.5CVSS5.8AI score0.09164EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2005/12/30 12:0 a.m.34 views

GLSA-200512-13 : Dropbear: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-200512-13 Dropbear: Privilege escalation Under certain conditions Dropbear could fail to allocate a sufficient amount of memory, possibly resulting in a buffer overflow. Impact : By sending specially crafted data to the server,...

6.5CVSS6.5AI score0.03441EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2005/11/16 12:0 a.m.74 views

Exponent CMS < 0.96.4 Multiple Remote Vulnerabilities (XSS, SQLi, Code Exe, Disc)

The remote host is running Exponent CMS, an open source content management system written in PHP. The version of Exponent CMS installed on the remote host fails to sanitize input to the 'id' parameter of the resource module before using it in database queries. An unauthenticated attacker can...

10CVSS6.4AI score0.02688EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2005/11/14 12:0 a.m.20 views

TikiWiki < 1.8.6 / 1.9.1 Multiple Vulnerabilities

The remote host is running TikiWiki, an open source wiki application written in PHP. The version of TikiWiki installed on the remote host fails to sanitize input to the 'language' parameter of the 'tiki-userpreferences.php' script before using it in a PHP 'include' function. An authenticated...

7.5CVSS6.2AI score0.0265EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2005/11/04 12:0 a.m.49 views

CuteNews Multiple Script Traversal Privilege Escalation

The version of CuteNews installed on the remote host fails to sanitize input to the 'template' parameter of the 'showarchives.php' and 'shownews.php' scripts. An attacker can exploit this issue to read arbitrary files and possibly even execute arbitrary PHP code on the remote host, subject to the...

5CVSS6.3AI score0.12449EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2005/10/26 12:0 a.m.75 views

phpMyAdmin < 2.6.4-pl3 Multiple Vulnerabilities

The version of phpMyAdmin installed on the remote host is affected by a local file inclusion vulnerability that can be exploited by an unauthenticated attacker to read arbitrary files, and possibly even to execute arbitrary PHP code on the affected host subject to the permissions of the web serve...

5CVSS5.7AI score0.05617EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2005/10/05 12:2 p.m.6 views

security flaw

smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings...

4.1CVSS5.8AI score0.00318EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2005/09/22 12:0 a.m.24 views

PunBB < 1.2.8 Multiple Vulnerabilities

Binary data 3235.prm...

4.6CVSS7.3AI score0.00938EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2005/09/14 12:0 a.m.26 views

Mail-it Now! Upload2Server Predictable Filename Upload Arbitrary Code Execution

The remote host is running Mail-it Now! Upload2Server, a free, PHP feedback form script supporting file uploads. The version of Upload2Server installed on the remote host stores uploaded files insecurely. An attacker may be able to exploit this flaw to upload a file with arbitrary code and then...

6.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2005/04/29 12:0 a.m.104 views

Claroline < 1.5.4 / 1.6.0 Multiple Vulnerabilities (RFI, SQLi, XSS, Traversal)

The version of Claroline an open source, collaborative learning environment installed on the remote host suffers from a number of remotely-exploitable vulnerabilities, including: - Multiple Remote File Include Vulnerabilities Four scripts let an attacker read arbitrary files on the remote host an...

7.5CVSS6.5AI score0.04863EPSS
Exploits3References5
Rows per page
Query Builder