risk software vulnerabilities
vulnerabilities.aspcode.net
Searching risk software vulnerabilities
CRE Loaded 6.15 allows remote attackers to perf
Loaded
|
CRE
|
CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the vulnerability on all known 6.0x and 6.1x releases. We strongly encourage users of CRE Loaded 6.x, osCMax, and other users of osCommerce who have installed HTMLArea based WYSIWYG editors and Admin Access with Levels to modify thier installations at the earliest possible moment."
The ip2long function in PHP 5.1.4 and earlier m
function
|
ip2long
|
PHP
|
The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner.
** DISPUTED ** PHP remote file inclusion vulne
vulnerability
|
OpenPinboard
|
inclusion
|
attackers
|
parameter
|
arbitrary
|
DISPUTED
|
language
|
indexphp
|
execute
|
remote
|
allows
|
code
|
file
|
PHP
|
via
|
URL
|
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by the developer and a third party, since the variable is set before use. CVE analysis suggests that there is a small time window of risk before the installation is complete.
Software vulnerabilities results 1 to 4 of 4
Page:
1