45 matches found
CVE-2002-0267
preferences.php in Simple Internet Publishing System SIPS before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file...
SIPS (PHP)
Product : SIPS Version : v0.2.2 WebSite : http://www.squishdot.org Problem : Viewing users account Description: ------------ You could easily look throught any user's account without any permissions. Each of them is in dir names after first letter of his login. For example foo will have url like...
CVE-2002-2218
CRLF injection vulnerability in the setUserValue function in sipssys/code/site.inc.php in Haakon Nilsen simple, integrated publishing system SIPS before 20020209 has unknown impact, possibly gaining privileges or modifying critical configuration, via a CRLF sequence in a key value...
SIPS - vulnerable to anyone gaining admin access.
!/exploit/by/b0iler sips - http://sourceforge.net/projects/sips/ versions lower than 0.3.1 Taken from freshmeat: "About: SIPS is an integrated Weblog and link-indexing system written in PHP. It is aimed at those with access to databaseless, PHP-enabled Web servers who want to run a Weblog site li...
CVE-2000-1241
Unspecified vulnerability in Haakon Nilsen simple, integrated publishing system SIPS before 0.2.4 has an unknown impact and attack vectors, related to a "grave security fault."...