CVE-2008-5949

Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cctbase parameter to 1 index.php; 2 handle/proxy.php; 3 header.php, 4 include.php, and 5 workspace.php in includes/; and 6 plugins/RSS/files/rss.php...

cctiddly-rfi.txt

/ $Id: cctiddly-1.7.4-rfi.txt,v 0.1 2008/12/04 04:12:20 cOndemned Exp $ ccTiddly 1.7.4 cctbase Multiple Remote File Inclusion Vulnerabilities found by cOndemned download from : http://tiddlywiki.org/ccTiddly/ccTiddlyv1.7.4.zip Probably prior versions are vulnerable too... Greetz: ZaBeaTy, str0ke,...

RaidenHTTPD workspace.php ulang Parameter Local File Inclusion

The remote host is running RaidenHTTPD, a web server for Windows. The version of RaidenHTTPD installed on the remote host fails to sanitize user-supplied input to the 'ulang' parameter in scripts '/raidenhttpd-admin/workspace.php' and '/raidenhttpd-admin/menu.php' before using it to include PHP...

RaidenHTTPD 'workspace.php'目录遍历漏洞

RaidenHTTPD是一款HTTPD服务程序。 RaidenHTTPD不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB权限查看系统文件内容。 问题是由于'workspace.php'脚本对用户提交的"ulang"参数缺少过滤，提交包含多个"../"字符作为参数数据，可绕过WEB ROOT限制，以WEB权限查看系统文件内容。 Raiden Professional Servers RaidenHTTPD 2.0.19 目前没有解决方案提供： http://www.raidenhttpd.com/en/index.html rem raidenhttpdudo.cmd @ec...

RaidenHTTPD workspace.php ulang Parameter Local File Inclusion

Binary data 5103.prm...