4 matches found
Sql injection
SQL injection vulnerability in spipaccesdoc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter...
Directory traversal
Directory traversal vulnerability in SpipRSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALStypeurls parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file...
CVE-2006-0625
Directory traversal vulnerability in SpipRSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALStypeurls parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file...
SPIP 1.8.2g - Remote Command Execution
SPIP 1.8.2g - Remote Command Execution this works regardless of magicquotesgpc settings usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Fighting with a large army under your command is nowise different from fighting with a small one: it is merely a question of instituting...