133 matches found
CVE-2008-2840
Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the theme parameter to 1 custompage.php, 2 errors/404.php, 3 members/memberslist.php, 4 members/profile.php, 5 news/fullview.php, 6...
CVE-2008-2840
Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the theme parameter to 1 custompage.php, 2 errors/404.php, 3 members/memberslist.php, 4 members/profile.php, 5 news/fullview.php, 6...
Directory traversal
Multiple directory traversal vulnerabilities in Quick and Dirty Blog QDBlog 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the theme parameter to categories.php and other unspecified files...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board GPB unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to 1 db.mysql.inc.php or 2 gpb.inc.php in include/, or the 3 theme parameter to themes/ubb/login.php...
Debian DSA-901-1 : gnump3d - programming error
Several vulnerabilities have been discovered in gnump3d, a streaming server for MP3 and OGG files. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2005-3349 Ludwig Nussel discovered several temporary files that are created with predictable filenames in a...
Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities
Dkmanlar »» Dkman oku --Security Report-- Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 27/05/06 03:16 PM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: MiniNuke...
CVE-2006-2417
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031...
DEBIAN-CVE-2006-2417
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031...
Cross site scripting
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the settheme parameter...
CVE-2006-1258
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the settheme parameter...
DEBIAN-CVE-2006-1258
Cross-site scripting XSS vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the settheme parameter...
CVE-2005-2561
MYFAQ 1.0 contains multiple SQL injection vulnerabilities reachable via the Theme, SousTheme, Faq, and question parameters across several PHP pages (affichagefaq.php3, choixsoustheme.php3, consultation.php3, insfaq.php3, inssoustheme.php3, instheme.php3, saisiefaqtotale.php3, saisiesoustheme.php3...
DEBIAN-CVE-2005-0567
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the 1 theme parameter to phpmyadmin.css.php or 2 cfgServerextension parameter to databaseinterface.lib.php to reference a URL on a remote web server that contai...