Openi CMS plugins (site protection) remote file inclusion. With this plugin you can release page ranges only for certain users. The variable "oi_dir" in index.php (in the site protection plugin) is not properly sanitized.
Cadre PHP Framework Remote File Include Vulnerability.
Upload Service 1.0 remote file inclusion. The variable "$maindir" in top.php is not properly sanitized, and this can be exploited to execute arbitrary PHP code by including local or external files.
Opera 9 (full version) (iframe) Denial of service. The vulnerability can be exploited by using [iframe] combined with JavaScript (documents stylesheet) to create an out-of-bounds memory access and crash Opera.
JAMES 2.2.0 Denial Of Service. James SMTP servers allow an attacker to supply a long value as an SMTP argument (such as MAIL) to the SMTP server; because of this vulnerability, the processor on the server machine is driven to a workload of up to 100%.
vBulletin BBCode IMG Tag Script Injection Vulnerability. The issue is due to a failure of the application to properly sanitize user-supplied input in bbcode '[IMG]' tags included in a message. Successful exploitation of this vulnerability could permit the injection of arbitrary HTML or script code into the browser of an unsuspecting user in the context of the affected site.
PunBB BBCode IMG Tag Script Injection Vulnerability. The issue is due to a failure of the application to properly sanitize user-supplied input in bbcode '[IMG]' tags included in a message or user signature (if allowed; default is off). Successful exploitation of this vulnerability could permit the injection of arbitrary HTML or script code into the browser of an unsuspecting user in the context of the affected site.
Simple php Blog critical information disclosures. Path disclosures, XSS in the search page, and some critical information disclosures in the password file and configuration file.
XSS attack on eXponent CMS. Some eXponent CMS variables are not parsed, allowing an attacker to input HTML tags to cause an XSS attack against the site and to gain a session ID.
paFileDB 3.1 Critical Information disclosures. If the site uses sessions to handle authentication, an attacker could access the "sessions" directory and see the sessions at the same time as the admin logs in to manage the site (which includes the admin password hash).
JAF CMS is susceptible to path disclosure and directory traversal attacks.
AJ-Fork 1.67 has several vulnerabilities. AJ-Fork version 1.67 is susceptible to path disclosure, directory listing, backup directory access, and other flaws that allow access to database files. Exploitation provided.
BBS e-market professional remote command execution. BBS E-Market Professional is susceptible to remote command execution vulnerabilities via remote file inclusion and also has a full path disclosure flaw.
Full Path Disclosure in YABBSE. A remote user can access the file to cause the system to display an error message that indicates the installation path. The resulting error message will disclose potentially sensitive installation path information to the remote attacker.
PHP-Fusion version 4.00 path disclosures and downloadable database backup. PHP-Fusion version 4.00 has a full path disclosure vulnerability and a flaw that allows an attacker to download the database backup file, which can be used to gain administrative access.
JetboxOne Unencrypted password. JetboxOne CMS version 2.0.8 keeps system passwords in an unencrypted state and also has a remote code execution flaw.
eNdonesia CMS version 8.3 is susceptible to full path disclosure and cross site scripting flaws.
Deleting God Admin in some versions of PHP-Nuke.