Network Security News – Monday, May 08, 2006 Events
Advanced Poll /admin/index.php Traversal Arbitrary Local File Inclusion
Advanced Poll contains a flaw that allows a remote attacker to access or include arbitrary files outside of the web path. The issue is due to the /admin/index.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'base_path' and 'pollvars[lang]' variables. This would allow an attacker to access arbitrary files such as /etc/passwd or include local files which could contain arbitrary PHP code that would be executed with the privileges of the web server. Read more at osvdb.org/25173
Advanced Poll common.inc.php base_path Variable Remote File Inclusion
Advanced Poll contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to common.inc.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25172
Advanced Poll png.php include_path Variable Remote File Inclusion
Advanced Poll contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to png.php not properly sanitizing user input supplied to the 'include_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25169
Advanced Poll poll_ssi.php include_path Variable Remote File Inclusion
Advanced Poll contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to poll_ssi.php not properly sanitizing user input supplied to the 'include_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25170
Advanced Poll popup.php include_path Variable Remote File Inclusion
Advanced Poll contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to popup.php not properly sanitizing user input supplied to the 'include_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25171
Advanced Poll booth.php include_path Variable Remote File Inclusion
Advanced Poll contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to booth.php not properly sanitizing user input supplied to the 'include_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/3291
Advanced Poll /admin/admin_tpl_new.php Traversal Arbitrary Local File Inclusion
Advanced Poll contains a flaw that allows a remote attacker to access or include arbitrary files outside of the web path. The issue is due to the /admin/admin_tpl_new.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'base_path' and 'pollvars[lang]' variables. This would allow an attacker to access arbitrary files such as /etc/passwd or include local files which could contain arbitrary PHP code that would be executed with the privileges of the web server. Read more at osvdb.org/25174
Advanced Poll /admin/admin_tpl_misc_new.php Traversal Arbitrary Local File Inclusion
Advanced Poll contains a flaw that allows a remote attacker to access or include arbitrary files outside of the web path. The issue is due to the /admin/admin_tpl_misc_new.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'base_path' and 'pollvars[lang]' variables. This would allow an attacker to access arbitrary files such as /etc/passwd or include local files which could contain arbitrary PHP code that would be executed with the privileges of the web server. Read more at osvdb.org/25175
Advanced Poll /admin/admin_templates_misc.php Traversal Arbitrary Local File Inclusion
Advanced Poll contains a flaw that allows a remote attacker to access or include arbitrary files outside of the web path. The issue is due to the /admin/admin_templates_misc.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'base_path' and 'pollvars[lang]' variables. This would allow an attacker to access arbitrary files such as /etc/passwd or include local files which could contain arbitrary PHP code that would be executed with the privileges of the web server. Read more at osvdb.org/25176
Advanced Poll /admin/admin_templates.php Traversal Arbitrary Local File Inclusion
Advanced Poll contains a flaw that allows a remote attacker to access or include arbitrary files outside of the web path. The issue is due to the /admin/admin_templates.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'base_path' and 'pollvars[lang]' variables. This would allow an attacker to access arbitrary files such as /etc/passwd or include local files which could contain arbitrary PHP code that would be executed with the privileges of the web server. Read more at osvdb.org/25177
Vuln: Mozilla Firefox iframe.contentWindow.focus Deleted Object Reference Vulnerability
Mozilla Firefox iframe.contentWindow.focus Deleted Object Reference Vulnerability. Read more at securityfocus.com/bid/17671