143 matches found
pMachine 1.0/2.x Search Module Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7981/info Reportedly, pMachine is vulnerable to a cross-site scripting attack. The vulnerability is present in the search module. The issue presents itself likely due to insufficient sanitization performed on user-supplie...
osCommerce 2.2 products_id URI Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9275/info It has been reported that one of the scripts included with osCommerce fails to validate user-supplied input, rendering it vulnerable to a SQL injection attack. It has been reported that an attacker may supply...
PHP 4/5 Input/Output Wrapper Remote Include Function Command Execution Weakness
No description provided by source. source: http://www.securityfocus.com/bid/10427/info PHP is reportedly affected by an arbitrary command-execution weakness through the PHP 'include' function. This issue is due to a design error that allows the execution of attacker-supplied POST PHP commands whe...
Siteman 1.1 User Database Privilege Escalation Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/12304/info Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data. Apparently, an attacker can supply...
Siteman 1.1 User Database Privilege Escalation Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/12304/info Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data. Apparently, an attacker can supply...
Mozilla: Content Security Policy 1.0 implementation errors cause data leakage (MFSA 2012-53)
The Content Security Policy CSP functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violatio...
CVE-2012-0030
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified projectid URI parameter...
CVE-2011-1699
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url...
CVE-2010-4798
Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uri parameter...
CVE-2010-3455
Cross-site scripting XSS vulnerability in index.php in AChecker 1.0 allows remote attackers to inject arbitrary web script or HTML via the uri parameter...
CVE-2010-3455
Cross-site scripting XSS vulnerability in index.php in AChecker 1.0 allows remote attackers to inject arbitrary web script or HTML via the uri parameter...
phpldapadmin Local File Inclusion
No description provided by source. PHPLDAPADMIN LOCAL FILE INCLUSION author : ipsecs website : http://ipsecs.com Date : December, 10th, 2009 -i- Description "Phpldapadmin is web based LDAP client which provides easy, anywhere-accessible, multi-language administration for LDAP server."...
phpLDAPadmin - Local File Inclusion
PHPLDAPADMIN LOCAL FILE INCLUSION author : ipsecs website : http://ipsecs.com Date : December, 10th, 2009 -i- Description "Phpldapadmin is web based LDAP client which provides easy, anywhere-accessible, multi-language administration for LDAP server." http://phpldapadmin.sourceforge.net vulnerable...
phpldapadmin Local File Inclusion
Exploit for unknown platform in category web applications ================================= phpldapadmin Local File Inclusion ================================= PHPLDAPADMIN LOCAL FILE INCLUSION author : ipsecs website : http://ipsecs.com Date : December, 10th, 2009 -i- Description "Phpldapadmin i...
e-Courier CMS Tracking xss
Exploit for unknown platform in category web applications ========================== e-Courier CMS Tracking xss ========================== Vendor: e-Courier http://www.ecouriersoftware.com/ Product: CMS Tracking Site Issue: Cross-Site Scripting. Description: Nearly all pages include the URI...
MediaWiki 'IP'参数远程文件包含漏洞
BUGTRAQ: 9057 MediaWiki没有充分过滤用户提交的URI参数,远程攻击者可以利用这个漏洞包含远程服务器上的恶意文件,以WEB权限执行任意代码。 问题应该是对MediaWiki的'IP'参数缺少充分过滤,包含文件可被攻击者任意指令,如果指定远程服务器的恶意PHP文件,可导致以WEB进程权限执行。 MediaWiki-stable 20030829/20031107 临时解决方法: 如果您不能立刻安装补丁或者升级,建议您采取以下措施以降低威胁: 修改php.ini配置文件,关闭'allowurlfopen'和'registerglobals'选项。 厂商补丁:...
Directory traversal
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. dot dot in the uri parameter to dispatcher.php in 1 examples/dispatcher/framework/, 2 examples/dispatcher/, 3 examples/wizard/, and 4 PHP/, different vectors than...
Directory traversal
Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the language parameter to 1 languagesn.php, 2 languagesf.php, or 3 languages.php in inc/; and 4 allow remote attackers to read arbitrary...
NucleusCMS/Blog:CMS/PunBB未明远程文件包含漏洞
CMS/Blog:CMS/PunBB是基于WEB的BLOG系统和论坛系统。CMS/Blog:CMS/PunBB对用户提交的URI参数缺少充分过滤,远程攻击者可以利用这个漏洞以WEB进程权限在系统上执行任意命令。目前没有详细漏洞细节提供 PunBB PunBB 1.0-1.1.4/Nucleus CMS 3.0-3.0 RC/BLOG:CMS 3.0-3.1.3 厂商补丁:BLOG:CMS--------目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:BLOG:CMS Upgrade BLOG:CMS...
Looking Glass 20040427 - Remote Command Execution
Looking Glass 20040427 - Remote Command Execution source: https://www.securityfocus.com/bid/14682/info Looking Glass may be exploited to execute arbitrary commands. An attacker can prefix arbitrary commands with the '|' character, supply them through a URI parameter and have them executed in the...