EUVD-2006-2015

Malware in sbrugna...

EUVD-2006-2014

Malware in sbrugna...

EUVD-2006-2016

Malware in sbrugna...

SL_Site <= 1.0 (spaw_root) Remote File Include Vulnerability

No description provided by source. --------------------------------------------------------------------------- SLSite = 1.0 spawroot Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team :...

Web-Provence SL_Site Spaw_control.class.PHP参数远程文件包含漏洞

Web-Provence SLSite是一款基于PHP的WEB应用程序。 Web-Provence SLSite不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'Spawcontrol.class.PHP'脚本对用户提交的'spawroot'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 Web-Provence SLsite 1.0 目前没有解决方案提供,请关注以下链接： http://www.web-provence.org/...

CVE-2006-4656

CVE-2006-4656 is a PHP remote file inclusion in SPAW Editor’s spaw_control.class.php (Web Provence SL_Site 1.0 and earlier) allowing code execution via a URL in spaw_root; analysis notes the issue originates in a third‑party SPAW Editor PHP Edition. Related records (CVE-2007-3237/3289) describe t...

slsite10.txt

--------------------------------------------------------------------------- SLSite = 1.0 spawroot Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team : hTTp://RST-CREW.net : Remote : Yes Critical...

SL_Site 1.0 - &#039;spaw_root&#039; Remote File Inclusion

--------------------------------------------------------------------------- SLSite = 1.0 spawroot Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team : hTTp://RST-CREW.net : Remote : Yes Critical...

SL_Site &lt;= 1.0 [spaw_root] Remote File Include Vulnerability

--------------------------------------------------------------------------- SLSite = 1.0 spawroot Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team : hTTp://RST-CREW.net : Remote : Yes Critical...

SL_Site 1.0 - spaw_root Remote File Inclusion

SLSite 1.0 - spawroot Remote File Inclusion --------------------------------------------------------------------------- SLSite = 1.0 spawroot Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team :...

SL_Site <= 1.0 (spaw_root) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ============================================================ SLSite = 1.0 spawroot Remote File Include Vulnerability ============================================================...

SL_Site &lt;= 1.0 (spaw_root) Remote File Include Vulnerability

No description provided by source. --------------------------------------------------------------------------- SLSite = 1.0 spawroot Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team :...

Directory traversal

Directory traversal vulnerability in gallerie.php in SLsite 1.0 allows remote attackers to list images in arbitrary directories via ".." sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php. NOTE: this issue could be used to produce resultant XSS fro...

CVE-2006-2015

Cross-site scripting XSS vulnerability in SLsite 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php. NOTE: other XSS vectors, as reported in the original disclosure, are resultant from other primary vulnerabilities that have separate CV...

Sql injection

SQL injection vulnerability in page.php in SLsite 1.0 allows remote attackers to execute arbitrary SQL commands via the idpage parameter. NOTE: this issue could be used to produce resultant XSS from an error message...

CVE-2006-2014

CVE-2006-2014 affects SL_site 1.0: a directory traversal in gallerie.php allows remote attackers to list images in arbitrary directories using .. sequences in the rep parameter, which is used to build a directory name in admin/config.inc.php. The issue can potentially lead to an XSS condition via...

CVE-2006-2013

The CVE-2006-2013 issue concerns SL_site 1.0 with a SQL injection in page.php via the id_page parameter. The vulnerability allows remote execution of arbitrary SQL commands, and the error message could trigger a resultant XSS. Affected component: page.php in SL_site 1.0; root cause: improper inpu...

CVE-2006-2015

Cross-site scripting XSS vulnerability in SLsite 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php. NOTE: other XSS vectors, as reported in the original disclosure, are resultant from other primary vulnerabilities that have separate CV...

CVE-2006-2015

CVE-2006-2015 is an XSS vulnerability in SL_site 1.0, exploitable through the recherche parameter in recherche.php. The issue is documented to allow remote attackers to inject arbitrary web script or HTML. The associated CVSSv2 details indicate Network attack vector, High access complexity, no au...

CVE-2006-2014

Directory traversal vulnerability in gallerie.php in SLsite 1.0 allows remote attackers to list images in arbitrary directories via ".." sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php. NOTE: this issue could be used to produce resultant XSS fro...