spip software vulnerabilities
vulnerabilities.aspcode.net
Searching spip software vulnerabilities
Multiple SQL injection vulnerabilities in formu
formulaires/inc-formulaire_forumphp3
|
vulnerabilities
|
injection
|
Multiple
|
earlier
|
Alpha
|
182-e
|
SPIP
|
SQL
|
Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to "session handling"; and (5) when posting "petitions".
Cross-site scripting (XSS) vulnerability in ind
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539)
earlier
|
Alpha
|
182-e
|
SPIP
|
SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message.
Directory traversal vulnerability in Spip_RSS.P
spip_acces_docphp3
|
GLOBALS[type_urls]
|
vulnerability
|
Spip_RSSPHP
|
sequences
|
traversal
|
arbitrary
|
Directory
|
injection
|
resultant
|
parameter
|
attackers
|
include
|
earlier
|
execute
|
allows
|
static
|
direct
|
remote
|
could
|
which
|
files
|
file
|
read
|
SPIP
|
used
|
then
|
182g
|
code
|
via
|
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.
SQL injection vulnerability in spip_acces_doc.p
spip_acces_docphp3
|
vulnerability
|
attackers
|
arbitrary
|
injection
|
parameter
|
commands
|
execute
|
earlier
|
allows
|
remote
|
file
|
SPIP
|
182g
|
SQL
|
via
|
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter.
Cross-site scripting (XSS) vulnerability in rec
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter.
PHP remote file inclusion vulnerability in spip
spip_loginphp3
|
vulnerability
|
inclusion
|
remote
|
SPIP
|
file
|
PHP
|
PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.
** DISPUTED ** PHP remote file inclusion vulne
inc-calculphp3
|
vulnerability
|
inclusion
|
DISPUTED
|
remote
|
SPIP
|
file
|
PHP
|
** DISPUTED ** PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function.
Software vulnerabilities results 1 to 9 of 9
Page:
1