5 matches found
CVE-2008-0149
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function...
CVE-2003-0482
TUTOS 1.1 allows remote attackers to execute arbitrary code by uploading the code using filenew.php, then directly accessing the uploaded code via a request to the repository containing the code...
Tutos 1.1 - File_Select.php Cross-Site Scripting
Tutos 1.1 - FileSelect.php Cross-Site Scripting source: https://www.securityfocus.com/bid/8011/info It has been reported that Tutos does not properly handle input to the fileselect script. Because of this, an attacker may be able to execute code in the browser of another user with the privileges ...
Tutos 1.1 - File_New Arbitrary File Upload
Tutos 1.1 - FileNew Arbitrary File Upload source: https://www.securityfocus.com/bid/8012/info It has been reported that Tutos does not properly handle input to the filenew script. Because of this, an attacker may be able to upload arbitrary files to a vulnerable site. We can upload via...
Tutos 1.1 - File_New Arbitrary File Upload
source: https://www.securityfocus.com/bid/8012/info It has been reported that Tutos does not properly handle input to the filenew script. Because of this, an attacker may be able to upload arbitrary files to a vulnerable site. We can upload via...