user inc software vulnerabilities
vulnerabilities.aspcode.net
Searching user inc software vulnerabilities
GUI display truncation vulnerability in ICQ Inc
vulnerability
|
truncation
|
display
|
Inc
|
ICQ
|
GUI
|
GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a specific length, which truncates the malicious extension from the display and could trick a user into executing arbitrary programs.
ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b,
Inc
|
ICQ
|
ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly containing other modified properties such as company name, icon, and description, which could trick a user into executing arbitrary programs.
CuteNews 1.4.1 allows remote attackers to obtai
CuteNews
|
CuteNews 1.4.1 allows remote attackers to obtain sensitive information via a direct request to (1) /inc/show.inc.php or (2) /inc/functions.inc.php, which reveal the path in an error message.
PHP remote file inclusion vulnerability in incl
includes/configphp
|
vulnerability
|
WebCalendar
|
inclusion
|
remote
|
file
|
PHP
|
PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call.
PHP remote file inclusion vulnerability in Webs
Webspotblogging
|
vulnerability
|
inclusion
|
remote
|
file
|
PHP
|
PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) inc/logincheck.inc.php, (2) inc/adminheader.inc.php, (3) inc/global.php, or (4) inc/mainheader.inc.php. NOTE: some of these vectors were also reported for 3.0 in a separate disclosure.
PHP remote file inclusion vulnerability in Book
vulnerability
|
Bookmark4U
|
inclusion
|
remote
|
file
|
PHP
|
PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations.
Directory traversal vulnerability in calendar/i
calendar/inc/classholidaycalcincphp
|
vulnerability
|
phpGroupWare
|
Directory
|
traversal
|
Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter.
Multiple PHP remote file inclusion vulnerabilit
vulnerabilities
|
FlashChat
|
inclusion
|
Multiple
|
before
|
remote
|
file
|
PHP
|
Multiple PHP remote file inclusion vulnerabilities in FlashChat before 4.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/cmses/aedatingCMS.php, (2) inc/cmses/aedatingCMS2.php, or (3) inc/cmses/aedating4CMS.php.
Multiple PHP remote file inclusion vulnerabilit
vulnerabilities
|
attackers
|
inclusion
|
parameter
|
arbitrary
|
versions
|
dir[inc]
|
possibly
|
Multiple
|
AEDating
|
execute
|
earlier
|
remote
|
allow
|
code
|
file
|
PHP
|
via
|
URL
|
Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php.
PHP remote file inclusion vulnerability in inc/
inc/settingsphp
|
vulnerability
|
inclusion
|
IncCMS
|
remote
|
file
|
Core
|
PHP
|
PHP remote file inclusion vulnerability in inc/settings.php in IncCMS Core 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.
Multiple PHP remote file inclusion vulnerabilit
vulnerabilities
|
inclusion
|
Multiple
|
WiClear
|
remote
|
file
|
PHP
|
Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 allow remote attackers to execute arbitrary PHP code via the path parameter in (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (3) inc/lib/tools.lib.php, (4) tools/trackback/index.php, and (5) tools/utf8conversion/index.php in admin/; and (6) prepend.inc.php, (7) lib/boxes.lib.php, and (8) lib/history.lib.php in inc/.
PHP remote file inclusion vulnerability in inc/
inc/CONTROL/import/import-mtphp
|
vulnerability
|
b2evolution
|
inclusion
|
remote
|
file
|
PHP
|
PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 through 1.9 beta allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.
PHP remote file inclusion vulnerability in inc/
inc/commonincphp
|
vulnerability
|
parameter
|
Epistemon
|
attackers
|
arbitrary
|
inclusion
|
inc_path
|
execute
|
remote
|
allows
|
code
|
file
|
PHP
|
via
|
URL
|
PHP remote file inclusion vulnerability in inc/common.inc.php in Epistemon 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.
** DISPUTED ** SQL injection vulnerability in
GlobalMegaCorp
|
vulnerability
|
inc/commonphp
|
attackers
|
arbitrary
|
injection
|
parameter
|
DISPUTED
|
commands
|
execute
|
allows
|
remote
|
dvddb
|
user
|
SQL
|
via
|
** DISPUTED ** SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function definitions.
Stack-based buffer overflow in Rhino Software,
Stack-based
|
Software
|
overflow
|
Voyager
|
buffer
|
Rhino
|
FTP
|
Inc
|
Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command.
inc/filebrowser/browser.php in deV!L`z Clanport
inc/filebrowser/browserphp
|
Clanportal
|
deVL`z
|
inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter.
Multiple PHP remote file inclusion vulnerabilit
vulnerabilities
|
inclusion
|
attackers
|
arbitrary
|
parameter
|
root_path
|
Multiple
|
execute
|
remote
|
CARE2X
|
allow
|
file
|
code
|
PHP
|
via
|
URL
|
Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) inc_checkdate_lang.php, (2) inc_charset_fx.php, (3) inc_config_color.php, (4) inc_currency_set.php, (5) inc_db_makelink.php, (6) inc_diagnostics_report_fx.php, (7) inc_environment_global.php, (8) inc_front_chain_lang.php, (9) inc_init_crypt.php, (10) inc_load_copyrite.php, or (11) inc_news_save.php in include/; (12) diagnostics-report-index.php, (13) config_options_mascot.php, (14) barcode-labels.php, (15) chg-color.php, or (16) config_options_gui_template.php in main/; or unspecified other files.
Multiple PHP remote file inclusion vulnerabilit
inc/include_allincphp
|
vulnerabilities
|
phporacleview
|
attackers
|
inclusion
|
arbitrary
|
Multiple
|
execute
|
remote
|
allow
|
code
|
file
|
URL
|
via
|
PHP
|
Multiple PHP remote file inclusion vulnerabilities in inc/include_all.inc.php in phporacleview allow remote attackers to execute arbitrary PHP code via a URL in the (1) page_dir or (2) inc_dir parameters.
SQL injection vulnerability in inc/class_users.
inc/class_usersphp
|
vulnerability
|
revokebb_user
|
RevokeSoft
|
injection
|
arbitrary
|
attackers
|
commands
|
RevokeBB
|
execute
|
earlier
|
cookie
|
allows
|
remote
|
SQL
|
RC4
|
via
|
SQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie.
Multiple PHP remote file inclusion vulnerabilit
vulnerabilities
|
inclusion
|
attackers
|
arbitrary
|
parameter
|
Multiple
|
doc_root
|
execute
|
SiteSys
|
remote
|
allow
|
code
|
file
|
PHP
|
URL
|
10a
|
via
|
Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) inc/pagehead.inc.php or (2) inc/pageinit.inc.php.
Software vulnerabilities results 1 to 20 of 2055
Page:
1
2
3
4
5
...
103
►