61 matches found
EUVD-2003-0475
Malware in sbrugna...
EUVD-2004-2153
Malware in sbrugna...
EUVD-2008-0161
Malware in sbrugna...
EUVD-2003-0476
Malware in sbrugna...
EUVD-2008-0162
Malware in sbrugna...
TUTOS phpinfo() Information Disclosure (HTTP) - Active Check
TUTOS allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
TUTOS Detection
The script sends a HTTP request to the server and attempts to extract the version from the reply. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Tutos 1.1 .20031017 note_overview.php id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/10129/info Multiple vulnerabilities have been identified in various modules of TUTOS. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, and...
Tutos 1.1 File_New Arbitrary File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8012/info It has been reported that Tutos does not properly handle input to the filenew script. Because of this, an attacker may be able to upload arbitrary files to a vulnerable site. We can upload via...
Tutos 1.1 File_Select.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8011/info It has been reported that Tutos does not properly handle input to the fileselect script. Because of this, an attacker may be able to execute code in the browser of another user with the privileges of the...
TUTOS app_new.php t Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/11221/info Tutos is reported prone to multiple remote input-validation vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting...
TUTOS file_overview.php link_id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/11221/info Tutos is reported prone to multiple remote input-validation vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting...
Debian: Security Advisory (DSA-980-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Information disclosure
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function...
CVE-2008-0148
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request...
CVE-2008-0149
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function...
CVE-2008-0149
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function...
CVE-2008-0148
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request...
Server side request forgery (ssrf)
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request...
CVE-2008-0149
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function...