Searching modules bannieres bannieresphp software vulnerabilities

The installation of 1ArcServe Backup and Inocul

exchverifylog | installation | passwords | usernames | plaintext | 1ArcServe | contains | Inoculan | Exchange | modules | create | client | Backup | which | file | log |

The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.


GTK+ library allows local users to specify arbi

environmental | setuid/setgid | GTK_MODULES | privileges | arbitrary | variable | program | library | specify | modules | allows | allow | local | could | users | which | GTK+ | used | gain | via |

GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program.


Unknown vulnerability in login for AIX 5.1L, wh

authentication | vulnerability | attackers | loadable | Unknown | modules | remote | access | system | allows | login | using | gain | AIX | 51L |

Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | inclusion | Multiple | Docebo | remote | file | LMS | PHP |

Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) modules/credits/business.php, (2) modules/credits/credits.php, or (3) modules/credits/help.php.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | Content*Builder | inclusion | Multiple | remote | file | PHP |

Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL with a trailing slash (/) character in the (1) lang_path parameter to (a) cms/plugins/col_man/column.inc.php, (b) cms/plugins/poll/poll.inc.php, (c) cms/plugins/user_managment/usrPortrait.inc.php, (d) cms/plugins/user_managment/user.inc.php, (e) cms/plugins/media_manager/media.inc.php, (f) cms/plugins/events/permanent.eventMonth.inc.php, (g) cms/plugins/events/events.inc.php, and (h) cms/plugins/newsletter2/newsletter.inc.php; (2) path[cb] paramter to (i) modules/guestbook/guestbook.inc.php, (j) modules/shoutbox/shoutBox.php, and (k) modules/sitemap/sitemap.inc.php; and the (3) rel parameter to (l) modules/download/overview.inc.php, (m) modules/download/detailView.inc.php, (n) modules/article/fullarticle.inc.php, (o) modules/article/comments.inc.php, (p) modules/article2/overview.inc.php, (q) modules/article2/fullarticle.inc.php, (r) modules/article2/comments.inc.php, (s) modules/headline/headlineBox.php, and (t) modules/headline/showHeadline.inc.php.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | componentphp | inclusion | Multiple | iManage | remote | file | CMS | PHP |

Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) articles.php, (2) contact.php, (3) displaypage.php, (4) faq.php, (5) mainbody.php, (6) news.php, (7) registration.php, (8) whosOnline.php, (9) components/com_calendar.php, (10) components/com_forum.php, (11) components/minibb/index.php, (12) components/minibb/bb_admin.php, (13) components/minibb/bb_plugins.php, (14) modules/mod_calendar.php, (15) modules/mod_browser_prefs.php, (16) modules/mod_counter.php, (17) modules/mod_online.php, (18) modules/mod_stats.php, (19) modules/mod_weather.php, (20) themes/bizz.php, (21) themes/default.php, (22) themes/simple.php, (23) themes/original.php, (24) themes/portal.php, (25) themes/purple.php, and other unspecified files.


Multiple SQL injection vulnerabilities in CubeC

vulnerabilities | injection | CubeCart | Multiple | SQL |

Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.


Jupiter CMS allows remote attackers to obtain s

information | attackers | sensitive | Jupiter | request | direct | allows | remote | obtain | CMS | via |

Jupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages. NOTE: The modules/online.php vector is already covered by CVE-2006-1679.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | inclusion | attackers | arbitrary | parameter | Multiple | execute | calpath | earlier | Vtiger | remote | allow | code | file | CRM | PHP | via | URL |

Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php.


** DISPUTED ** PHP remote file inclusion vulne

modules/bannieres/bannieresphp | Jean-Christophe | vulnerability | BANNIERES | inclusion | DISPUTED | SCRIPT | remote | Ramos | file | PHP |

** DISPUTED ** PHP remote file inclusion vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT BANNIERES (aka ban 0.1 and PLS-Bannieres 1.21) allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: the issue is disputed by other researchers, who observe that $chemin is defined before use.


PHP remote file inclusion vulnerability in modu

modules/mail/mainphp | vulnerability | MODULES_DIR | vHostAdmin | attackers | parameter | arbitrary | inclusion | execute | remote | Inter7 | allows | code | file | PHP | via | URL |

PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter.


Comodo Firewall Pro (formerly Comodo Personal F

Firewall | Comodo | Pro |

Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value.


SQL injection vulnerability in the getArticle f

class/wfsarticlephp | vulnerability | WF-Section | getArticle | injection | function | SQL |

SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before Monday, April 16, 2007 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) pub/modules/d/_top.html; (2) /pub/modules/a/_access.html; (3) _circletop.html or (4) _cir66.html in pub/modules/ci/; or (5) _fri66.html, (6) _inv66.html, (7) _top.html, (8) _friends.html, or (9) _fri33.html in pub/modules/f/.


PHP remote file inclusion vulnerability in the

mosConfig_absolute_path | mod_as_categoryphp | vulnerability | attackers | arbitrary | AutoStand | inclusion | parameter | execute | earlier | module | remote | allows | Joomla | file | code | PHP | via | URL |

PHP remote file inclusion vulnerability in the AutoStand 1.1 and earlier module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to mod_as_category.php in (1) modules/mod_as_category/ or (2) modules/.


Multiple SQL injection vulnerabilities in modul

modules/admin/modules/galleryphp | vulnerabilities | parameters | parameter | attackers | arbitrary | injection | possibly | Multiple | commands | execute | PHPEcho | earlier | 20-rc1 | remote | other | allow | SQL | CMS | via |

Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | inclusion | Multiple | remote | Musoo | file | PHP |

Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[ini_array][EXTLIB_PATH] parameter to (1) msDb.php, (2) modules/MusooTemplateLite.php, or (3) modules/SoundImporter.php.


Multiple SQL injection vulnerabilities in modul

vulnerabilities | modulephp | injection | Multiple | LANAI | SQL |

Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | staticpath | Focus/SIS | attackers | arbitrary | parameter | inclusion | Multiple | execute | remote | allow | file | code | PHP | via | URL |

Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the staticpath parameter to (1) modules/Discipline/CategoryBreakdownTime.php or (2) modules/Discipline/StudentFieldBreakdown.php.


Software vulnerabilities results 1 to 20 of 178     
Page: 12345...9