On a phpBB board, a user having access to the admin panel is able to execute PHP code.
3ce6369b0ae26ca7a1150a8d147e40ac0375ffda69ed95f5228aa4fddd7a4f9bphpBB HTML template files are parsed and executed as PHP code. Therefore anyone with access to the template files can execute php code on the system.
57848e7264e5ed324bfce768622e8141320eebdee2d3cc09dfcf6983f83dfff2Encyclopedia versions less than or equal to 3.0 suffer from XSS
61b38575274d18d06f3b8d3bc5142c27c639de4f349e72b99d29bb35bc8367e2Freecontent v2.9 and 3.0 suffer from a remote file inclusion vulnerability.
0c5a8a2a0dc2b4c5e66a279fc98f6a223de63ba736156083d1893868541416fcFarsinews 2.5.3 Pro and below suffer from XSS and path disclosure vulnerabilities.
948643d3936403d36429b9246aa527ec3962925e738e3c2aabb18926b0c3db7dIf the "extras" folder is placed inside the webroot on osCommerce versions less than v2.2 any file can be read on the target system, including php source code with the database details.
836c86179c8fc75a45bcdf0a06345f8eefef3a8dab21ff18199a17631890737fModX v0.9.1 suffers from XSS and a directory transversal vulnerability.
1a8e0bf2f7d5c51b8eb8e49f24d9639004c322d11dac5c95bbe886a659094e15Papoo v2.1.5 suffers from XSS. POC included.
9d980deac6b4ec46eb21acfb866545c3fff1f3664fb5adde691f2a81ff4fc47cLifetype v1.0.3 suffers from XSS and full path disclosure vulnerabilities.
e0cb99379cf889102be002bd072c655d0bccabd441ad5383fd0de55e7c48fe8aPowerClan 1.14 suffers from a SQL injection vulnerability if magic_quotes_gpc = off.
7257eab8ea32b9cfdc250408a3da562cb8de10bdd4dedec817f913b9b2f5cd42Mozilla Camino browser versions 1.0 a prior are vulnerable to a HTML parsing null pointer dereference denial of service vulnerability.
2ffb8615d5475fafd287af027df6d6d28f3aedbfe686c7863455928035314008planetSearch+ version 26.10.2005 is vulnerable to XSS.
cfb33f8f0400e46ef9a7154272d03fe3f1c8093f54f787eceae8e443c7044b35The Netgear WGT624 contains a default admin username and password that can be used to access the device via the serial port.
44c13a8296ddb1e73e629c6af619935468c43095f15c6e34afbf199c600e300fPAJAX versions less than pajax-0.5.2 suffer from remote code injection and arbitrary file inclusion. POC included.
0a7cdff679ce3cf98d1a3f09f26716a9b0feae110597d211b27b6b74615af08eUbuntu Security Notice USN-270-1 - kdegraphics, koffice, xpdf, cupsys, poppler, tetex-bin vulnerabilities.
270033a80073d188d9e9b4d4f09a0eb2a0202aaf8af7d086fae54ceffaa8e148eVuln ID: EV0118 - CzarNews v1.14 suffers from multiple XSS and SQL injection vulnerabilities if magic_quotes_gpc = off.
a882eb18e89b86e0c1273dff588ec2ace548752772df9f582ebdcc1089c68779eVuln ID: EV0117 - aWebBB v1.2 suffers from several XSS and SQL injection vulnerabilities if magic_quotes_gpc = off.
7c2462d0c11ad455c68ca8557bf9d0db3392cd733a17a337d13d9f500331eceeeVuln ID: EV0116 - aWebNews v1.0 suffers from multiple XSS and SQL injection vulnerabilities.
44ea9e09379833f85c9228d1b8253e7b64c8479f87e99fe1018449fecb5e81d3eVuln ID: EV0115 - RedCMS 0.1 suffers from multiple XSS and SQL injection vulnerabilities.
17faed78577a05e8e537dabdd55758c579b7368ea3ec41c67f207c7554e5b982eVuln ID: EV0114 - qliteNews v2005.07.01 suffers from SQL injection if magic_quotes_gpc = off.
03200a82e27271bd06565d36674fceff633dfbfc62664b795f7a2a54a7c9d7b0eVuln ID: EV0113: QLnews v1.2 suffers from XSS and php code insertion vulnerabilities.
9ebd6dce24baa96be5453d7167edec529b5d7baf4e506dee941404551a219699Gentoo Linux Security Advisory GLSA 200604-07 - Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation vulnerability (CVE-2006-0147) and a potential SQL injection vulnerability (CVE-2006-0146). Andy Staudacher reported another SQL injection vulnerability (CVE-2006-0410), and Gulftech Security discovered multiple cross-site-scripting issues (CVE-2006-0806). Versions less than 0.8.6h_p20060108-r2 are affected.
37b21ae4309a337d83774dedca227c9541106fd08d69292defcbc15d8b9a44abGentoo Linux Security Advisory GLSA 200604-08 - A vulnerability has been reported in the apreq_parse_headers() and apreq_parse_urlencoded() functions of Apache2::Request. Versions less than 2.07 are affected.
7ae96418197961094081515b48da6bacba5a54863e3400ba3fe05e1eedd6160dDebian Security Advisory 1036-1: A buffer overflow problem has been discovered in sail, a game contained in the bsdgames package, a collection of classic textual Unix games, which could lead to games group privilege escalation.
0a1ac2ac35dca85ecfd02d905d51ccf36776157fc5a73b8d594e7d8915b77e54Debian Security Advisory 1035-1: Steve Kemp from the Debian Security Audit project discovered that a cronjob contained in fcheck, a file integrity checker, creates a temporary file in an insecure fashion.
291851b66fa0ba29a78f58ffc12bce22c5511b0d8719f9bf696c44407f46c1f0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed