Searching poll votephp software vulnerabilities

Advanced Poll before 1.61, when using a flat fi

Advanced | before | Poll |

Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter.


Unknown vulnerability in Sun Solaris 8.0 allows

vulnerability | Solaris | service | Unknown | denial | allows | cause | local | users | Sun |

Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel panic) via a program that uses /dev/poll, triggering a NULL pointer dereference.


Eval injection vulnerability in comments.php in

vulnerability | commentsphp | injection | Advanced | Poll | Eval |

Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | inclusion | Advanced | Multiple | remote | Poll | file | PHP |

Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php.


Advanced Poll 2.0.2 allows remote attackers to

Advanced | Poll |

Advanced Poll 2.0.2 allows remote attackers to obtain sensitive information via an HTTP request to info.php, which invokes the phpinfo() function.


PHP remote file inclusion vulnerability in poll

vulnerability | poll_votephp | inclusion | Creator | remote | Poll | file | PHP |

PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll Creator 1.01 allows remote attackers to execute arbitrary PHP code via the relativer_pfad parameter.


Cross-site scripting (XSS) vulnerability in pop

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the poll_ident parameter.


SQL injection vulnerability in poll_frame.php i

vulnerability | poll_framephp | attackers | arbitrary | injection | parameter | commands | execute | poll_id | earlier | allows | remote | Vote | SQL | Pro | via |

SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.


SQL injection vulnerability in index.php in Php

Phpclanwebsite | vulnerability | injection | indexphp | SQL |

SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax.


Multiple SQL injection vulnerabilities in Advan

vulnerabilities | injection | Advanced | Multiple | Poll | SQL |

Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616.


Till Gerken phpPolls 1.0.3 allows remote attack

phpPolls | Gerken | Till |

Till Gerken phpPolls 1.0.3 allows remote attackers to create a new poll via a direct request to phpPollAdmin.php3 with the poll_action parameter set to create.


SQL injection vulnerability in top.php in X-Scr

vulnerability | X-Scripts | injection | probably | X-Poll | topphp | SQL |

SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | inclusion | attackers | arbitrary | parameter | SITE_Path | Multiple | execute | circeOS | SaveWeb | remote | Portal | allow | code | file | PHP | via | URL |

Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb Portal 3.4 allow remote attackers to execute arbitrary PHP code via a URL in the SITE_Path parameter to (1) poll/poll.php or (2) poll/view_polls.php. NOTE: the menu_dx.php vector is already covered by CVE-2005-2687.


(1) Amazing Little Poll and (2) Amazing Little


(1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php).


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | inclusion | Multiple | Creator | remote | Poll | file | PHP |

Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator (phpPC) 1.04 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter to (1) poll.php, (2) poll_kommentar.php, and (3) poll_sm.php, different vectors and version than CVE-2005-1755.


Eval injection vulnerability in poll_frame.php

vulnerability | poll_framephp | CVE-2005-4632 | arbitrary | parameter | attackers | injection | different | possibly | function | supplied | poll_id | execute | scripts | allows | remote | other | which | type | Vote | Eval | than | code | call | via | Pro |

Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.


Multiple incomplete blacklist vulnerabilities i

vulnerabilities | iziContents | incomplete | arbitrary | attackers | blacklist | Multiple | execute | earlier | remote | allow | code | via | URL | RC6 | PHP |

Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the admin_home parameter to modules/poll/poll_summary.php or (2) the rootdp parameter to include/db.php; or a URL in the language_home parameter to (3) search/search.php, (4) poll/inlinepoll.php, (5) poll/showpoll.php, (6) links/showlinks.php, or (7) links/submit_links.php in modules/; related to missing checks in (a) modules/moduleSec.php and (b) include/includeSec.php for inclusion of certain URLs, as demonstrated by an ftps:// URL.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | iziContents | gsLanguage | attackers | inclusion | parameter | arbitrary | Multiple | execute | earlier | remote | allow | code | file | RC6 | PHP | via | URL |

Multiple PHP remote file inclusion vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the gsLanguage parameter to (1) search/search.php, (2) poll/inlinepoll.php, (3) poll/showpoll.php, (4) links/showlinks.php, or (5) links/submit_links.php in modules/.


Multiple directory traversal vulnerabilities in

vulnerabilities | iziContents | arbitrary | attackers | traversal | directory | Multiple | include | execute | earlier | remote | files | local | allow | via | RC6 |

Multiple directory traversal vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the admin_home parameter to modules/poll/poll_summary.php or (2) the rootdp parameter to include/db.php.


Software vulnerabilities results 1 to 20 of 48     
Page: 123