Lucene search
+L

201 matches found

Tenable Nessus
Tenable Nessus
added 2006/09/19 12:0 a.m.48 views

Exponent CMS index.php view Parameter Local File Inclusion

The remote host is running Exponent CMS, an open source content management system written in PHP. The version of Exponent CMS installed on the remote host fails to properly sanitize user-supplied input to the 'view' parameter before using it in the 'modules/calendarmodule/class.php' script to...

6.4CVSS6.2AI score0.06994EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2006/08/17 12:0 a.m.25 views

barracudeArbitrary.txt

Title: Barracuda Arbitrary File Disclosure Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair [email protected] Discovered on: 29 May 2006 Overview: Barracuda Spam...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/07/15 12:0 a.m.544 views

Mambo / Joomla! Component / Module 'mosConfig_absolute_path' Multiple Parameter Remote File Include Vulnerabilities

A third-party component for Mambo, Module, or Joomla! is running on the remote host. At least one of these components is a version that is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'mosConfigabsolutepath' parameter before using it t...

7.5CVSS6AI score0.37581EPSS
Exploits40References51
Tenable Nessus
Tenable Nessus
added 2006/05/23 12:0 a.m.47 views

XOOPS xoopsConfig Parameter Variable Overwrite Local File Inclusion

The version of XOOPS installed on the remote host allows an unauthenticated attacker to skip processing of the application's 'include/common.php' script and thereby to gain control of the variables '$xoopsConfiglanguage' and '$xoopsConfigthemeset', which are used by various scripts to include PHP...

5.1CVSS6.2AI score0.06351EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2006/04/17 12:0 a.m.26 views

phpWebFTP index.php language Parameter Local File Inclusion

The remote host is running phpWebFTP, a web-based FTP client written in PHP. The version of phpWebFTP installed on the remote host fails to sanitize user-supplied input to the 'language' parameter of the 'index.php' script before using it in a PHP 'include' function. An unauthenticated attacker m...

6.4CVSS6.3AI score0.01764EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2006/04/16 12:0 a.m.25 views

PAJAX < 0.5.2 Multiple Vulnerabilities

The remote host is running PAJAX, a PHP library for remote asynchronous objects in JavaScript. The version of PAJAX installed on the remote host fails to validate input to the 'pajax/pajaxcalldispatcher.php' script before using it in a PHP 'eval' function. An unauthenticated attacker can exploit...

7.5CVSS6AI score0.36127EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2006/04/08 12:0 a.m.36 views

GLSA-200604-02 : Horde Application Framework: Remote code execution

The remote host is affected by the vulnerability described in GLSA-200604-02 Horde Application Framework: Remote code execution Jan Schneider of the Horde team discovered a vulnerability in the help viewer of the Horde Application Framework that could allow remote code execution CVE-2006-1491. Pa...

7.5CVSS6.5AI score0.38441EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2006/03/16 12:0 a.m.302 views

Horde < 3.1 go.php url Parameter File Disclosure

Binary data 3477.prm...

5CVSS7AI score0.12174EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2006/03/03 12:0 a.m.54 views

Limbo CMS index.php Itemid Parameter Arbitrary Command Execution

The remote host is running Limbo CMS, a content-management system written in PHP. The installed version of Limbo fails to sanitize input to the 'Itemid' parameter before using it as part of a search string in an 'eval' statement in the 'classes/adodbt/readtable.php' script. Regardless of PHP's...

7.5CVSS6AI score0.03281EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2006/02/05 12:0 a.m.71 views

Loudblog backend_settings.php Multiple Parameter Remote File Inclusion

The remote host is running Loudblog, a PHP application for publishing podcasts and similar media files. The installed version of Loudblog fails to validate user input to the 'GLOBALSpath' and 'language' parameters before using them in the 'loudblog/inc/backendsettings.php' script in a PHP 'includ...

7.5CVSS5.8AI score0.09164EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2005/11/16 12:0 a.m.74 views

Exponent CMS < 0.96.4 Multiple Remote Vulnerabilities (XSS, SQLi, Code Exe, Disc)

The remote host is running Exponent CMS, an open source content management system written in PHP. The version of Exponent CMS installed on the remote host fails to sanitize input to the 'id' parameter of the resource module before using it in database queries. An unauthenticated attacker can...

10CVSS6.4AI score0.02688EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2005/11/14 12:0 a.m.20 views

TikiWiki < 1.8.6 / 1.9.1 Multiple Vulnerabilities

The remote host is running TikiWiki, an open source wiki application written in PHP. The version of TikiWiki installed on the remote host fails to sanitize input to the 'language' parameter of the 'tiki-userpreferences.php' script before using it in a PHP 'include' function. An authenticated...

7.5CVSS6.2AI score0.0265EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2005/11/04 12:0 a.m.49 views

CuteNews Multiple Script Traversal Privilege Escalation

The version of CuteNews installed on the remote host fails to sanitize input to the 'template' parameter of the 'showarchives.php' and 'shownews.php' scripts. An attacker can exploit this issue to read arbitrary files and possibly even execute arbitrary PHP code on the remote host, subject to the...

5CVSS6.3AI score0.12449EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2005/10/26 12:0 a.m.75 views

phpMyAdmin < 2.6.4-pl3 Multiple Vulnerabilities

The version of phpMyAdmin installed on the remote host is affected by a local file inclusion vulnerability that can be exploited by an unauthenticated attacker to read arbitrary files, and possibly even to execute arbitrary PHP code on the affected host subject to the permissions of the web serve...

5CVSS5.7AI score0.05617EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2005/09/22 12:0 a.m.24 views

PunBB < 1.2.8 Multiple Vulnerabilities

Binary data 3235.prm...

4.6CVSS7.3AI score0.00938EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2005/09/14 12:0 a.m.26 views

Mail-it Now! Upload2Server Predictable Filename Upload Arbitrary Code Execution

The remote host is running Mail-it Now! Upload2Server, a free, PHP feedback form script supporting file uploads. The version of Upload2Server installed on the remote host stores uploaded files insecurely. An attacker may be able to exploit this flaw to upload a file with arbitrary code and then...

6.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2005/04/29 12:0 a.m.104 views

Claroline < 1.5.4 / 1.6.0 Multiple Vulnerabilities (RFI, SQLi, XSS, Traversal)

The version of Claroline an open source, collaborative learning environment installed on the remote host suffers from a number of remotely-exploitable vulnerabilities, including: - Multiple Remote File Include Vulnerabilities Four scripts let an attacker read arbitrary files on the remote host an...

7.5CVSS6.5AI score0.04863EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2005/01/02 12:0 a.m.22 views

GLSA-200412-27 : PHProjekt: Remote code execution vulnerability

The remote host is affected by the vulnerability described in GLSA-200412-27 PHProjekt: Remote code execution vulnerability cYon discovered that the authform.inc.php script allows a remote user to define the global variable $pathpre. Impact : A remote attacker can exploit this vulnerability to...

6.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/08/09 12:0 a.m.20 views

Basilix Webmail Attachment Crafted POST Arbitrary File Access

The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions allow retrieval of arbitrary files that are accessible to the web server user when sending a message since they accept a list of attachment names from the client yet do not verify that the attachments were in fa...

3.6CVSS5.8AI score0.00333EPSS
Exploits0References2
securityvulns
securityvulns
added 2001/05/03 12:0 a.m.48 views

@stake Security Advisory: Remote Vulnerabilities in Bugzilla &#40;A043001-1&#41;

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Remote Vulnerabilities in Bugzilla Release Date: 04/30/2001 Application: Bugzilla 2.10 Platform: Unix or any other platform supporting perl CGI scripts and MySQL most often Unix+Apache...

7.5CVSS0.2AI score0.03132EPSS
Exploits0
Rows per page
Query Builder