261 matches found
[vuln.sg] CruiseWorks Directory Traversal and Buffer Overflow Vulnerabilities
vuln.sg Vulnerability Research Advisory: CruiseWorks Directory Traversal and Buffer Overflow Vulnerabilities, by Tan Chew Keong. Release Date: 2006-10-24. Summary: Two vulnerabilities have been found in CruiseWorks. When exploited, the vulnerabilities allow an authenticated user to retrieve...
Ariadne CMS 2.4 - Remote File Inclusion
Ariadne CMS 2.4 - Remote File Inclusion source: https://www.securityfocus.com/bid/13206/info A remote file include vulnerability affects Ariadne CMS. This issue is due to a failure of the application to validate critical parameters before using them in a 'require_once' function call. An attacker m...
Headline Portal Engine 0.x/1.0 - 'HPEInc' Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/19663/info Multiple remote file-include vulnerabilities affect HPE because the application fails to properly sanitize user-supplied input before using it in a PHP 'include' function call. An attacker may leverage these issues to execute arbitrary...
TWiki Privilege Escalation
Binary data 3657.prm...
phpListPro Multiple Script returnpath Parameter Remote File Inclusions
The remote host is running phpListPro, a website voting/ranking tool written in PHP. The installed version of phpListPro fails to sanitize user input to the 'returnpath' parameter of the 'config.php', 'editsite.php', 'addsite.php', and 'in.php' scripts before using it to include PHP code from oth...
Orjinweb - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/16199/info Orjinweb is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected compute...
AppServ Open Project 2.4.5 - Remote File Inclusion
AppServ Open Project 2.4.5 - Remote File Inclusion source: https://www.securityfocus.com/bid/16166/info AppServ Open Project is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this...
MarmaraWeb E-Commerce - Remote File Inclusion
source: https://www.securityfocus.com/bid/15877/info E-commerce is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious...
PHP Upload Center - 'index.php' Directory Traversal
source: https://www.securityfocus.com/bid/15621/info PHP Upload Center is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. An attacker can exploit this issue to retrieve arbitrary remote files on an affected computer with the...
GuppY 4.5 - 'editorTypetool.php?meskin' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/15610/info GuppY is affected by multiple local file include and information disclosure vulnerabilities. An attacker may leverage these issues to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web...
Athena PHP Website Administration 0.1 - Remote File Inclusion
Athena PHP Website Administration 0.1 - Remote File Inclusion source: https://www.securityfocus.com/bid/15574/info Athena PHP Website Administration is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An...
Q-News 2.0 - Remote File Inclusion
source: https://www.securityfocus.com/bid/15576/info Q-News is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer...
PHPGreetz 0.99 - Remote File Inclusion
source: https://www.securityfocus.com/bid/15575/info phpGreetz is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected comput...
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting source: https://www.securityfocus.com/bid/15562/info vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vTiger CRM is pro...
Torrential 1.2 - 'Getdox.php' Directory Traversal
source: https://www.securityfocus.com/bid/15530/info Torrential is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. An attacker can exploit this issue to retrieve arbitrary remote PHP code on an affected computer with the privilege...
Alstrasoft Template Seller Pro 3.25 - Remote File Inclusion
Alstrasoft Template Seller Pro 3.25 - Remote File Inclusion source: https://www.securityfocus.com/bid/15441/info Template Seller Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit...
Codegrrl - Protection.php Code Execution
Codegrrl - Protection.php Code Execution source: https://www.securityfocus.com/bid/15417/info Unspecified Codegrrl applications are prone to a remote arbitrary code execution vulnerability. This is due to a lack of proper sanitization of user-supplied input. An attacker can exploit this to execut...
OSTE 1.0 - Remote File Inclusion
OSTE 1.0 - Remote File Inclusion source: https://www.securityfocus.com/bid/15340/info OSTE is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PH...
OSTE 1.0 - Remote File Inclusion
source: https://www.securityfocus.com/bid/15340/info OSTE is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer wi...
PHPFM - Arbitrary File Upload
source: https://www.securityfocus.com/bid/15335/info PHPFM is prone to an arbitrary file upload vulnerability. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the Web server process. This may facilitate unauthorized access or privilege...