5314 matches found
Polaring <= 0.04.03 (general.php) Remote File Include Vulnerability
No description provided by source. ToXiC Polaring Remote File Include BuG FounD by Drago84 Application Affect: Polaring Remote File Include Source Code: http://sourceforge.net/project/showfiles.php?groupid=150989&packageid=166837&releaseid=444225 Problem: require($_SESSION['dirMain'].'/view/css.php');...
Web-News <= 1.6.3 (template.php) Remote File Include Vulnerability
No description provided by source. ToXiC BuG FounD by Drago84 Application Affect: WebNews Source Code: http://prdownloads.sourceforge.net/web-news/WebNews-1.6.3.zip?usemirror=superb-west Problem: <? include($contentpage); ?> Solution : Declare $contentpage Page Vulnerable : template.php Example Of...
ZoomStats 1.0.2 - mysql.php Remote File Inclusion
ZoomStats 1.0.2 - mysql.php Remote File Inclusion ToXiC BuG FounD by Drago84 Application Affect:ZoomStats Source Code: http://prdownloads.sourceforge.net/zoomstats/ZoomStats-v1.0.2.zip?usemirror=kent Problem: $GLOBALS['lib']['db']['path'] array not declare Solution : $GLOBALS['lib']['db']['path'] Page...
[SA22000] Feedsplitter Script Insertion and Local File Inclusion
TITLE: Feedsplitter Script Insertion and Local File Inclusion SECUNIA ADVISORY ID: SA22000 VERIFY ADVISORY: http://secunia.com/advisories/22000/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Exposure of sensitive information, System access WHERE: From remote SOFTWARE: Feedsplitter...
[SA21955] aeDating "dir[inc]" File Inclusion Vulnerabilities
TITLE: aeDating "dir[inc]" File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA21955 VERIFY ADVISORY: http://secunia.com/advisories/21955/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: aeDating 4.x http://secunia.com/product/5709/ aeDating 3.x...
CVE-2006-4663
The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissions (0666 and 0777) for certain files and directories, which might allow local users to insert Trojan horse source code that would be used during the next kernel compilation. NOTE:...
CVE-2006-4663
The CVE-2006-4663 entry concerns weak permissions (0666/0777) in the Linux kernel source tarballs for 2.6.16 through 2.6.17.11, potentially allowing a local user to insert Trojan horse source code that could be used when the kernel is next compiled. Primary details from connected documents indica...
[SA21807] Fantastic News "CONFIG[script_path]" File Inclusion Vulnerabilities
TITLE: Fantastic News "CONFIG[script_path]" File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA21807 VERIFY ADVISORY: http://secunia.com/advisories/21807/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Fantastic News 2.x http://secunia.com/product/6254/ DESCRIPTION:...
[SA21796] photokorn "dir_path" File Inclusion Vulnerabilities
TITLE: photokorn "dir_path" File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA21796 VERIFY ADVISORY: http://secunia.com/advisories/21796/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: photokorn 1.x http://secunia.com/product/9586/ DESCRIPTION: Some vulnerabilitie...
CVE-2006-4549
CHXO Feedsplitter 2006-01-21 allows remote attackers to read the source code of feedsplitter.php via the showsource function. NOTE: this issue is not a vulnerability in standard distributions, but could be an issue if the source has been modified...
CVE-2006-4542
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs...
[SA21690] Webmin / Usermin Cross-Site Scripting and Source Code Disclosure
TITLE: Webmin / Usermin Cross-Site Scripting and Source Code Disclosure SECUNIA ADVISORY ID: SA21690 VERIFY ADVISORY: http://secunia.com/advisories/21690/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Exposure of sensitive information WHERE: From remote SOFTWARE: Webmin 1.x...
YaPiG thanks_comment.php Cross-Site Scripting Vulnerability
/ Kuon Armorize Security Team Kuon-at-Armorize.com YaPiG thanks_comment.php Cross-Site Scripting Vulnerability Contact : Kuon-at-Armorize.com Link : www.Armorize.com / Armorize Technologies Security Advisory Advisory No: 20061001 Date: 2006/08/25 Affected Software: yapig 0.95b Vulnerability...
Phaos 0.9.2 - 'basename()' Remote Command Execution
DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ Contact: [email protected] cod3d by Kacper Greetings DragonHeart and all DEVIL TEAM Patriots : - Leito & Leon TomZen, Gelo, Ramzes, DMX,...
[SA21584] Empire CMS "check_path" File Inclusion Vulnerability
[SA21572] Tutti Nova "TNLIB_DIR" File Inclusion Vulnerabilities
[SA21594] SportsPHool "mainnav" File Inclusion Vulnerability
TITLE: SportsPHool "mainnav" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA21594 VERIFY ADVISORY: http://secunia.com/advisories/21594/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: SportsPHool 1.x http://secunia.com/product/11629/ DESCRIPTION: Kacper has...