Crob FTP server is vulnerable to a directory traversal attack due to a lack of input validation. An attacker can send a specially crafted request to gain access to files outside of the FTP root directory. By issuing the command 'dir ../../../../../*', an attacker can read all directories on the system.
Multiple SQL injection vulnerabilities have been reported in various modules included in PHP-Nuke versions 6.9 and earlier. These issues could permit remote attackers to compromise PHP-Nuke administrative accounts. Other attacks may also be possible, such as gaining access to sensitive information.
Aprox Portal is prone to a vulnerability that may permit remote attackers to gain access to files that are readable by the hosting web server. These files may exist outside of the server root, potentially exposing sensitive information that may be useful in further attacks against the host.
Web Blog has been reported to be prone to a vulnerability that may permit remote attackers to execute arbitrary commands in the context of the hosting web server. This is due to insufficient sanitization of shell metacharacters from variables that are used as an argument to a function that invokes the shell directly.
Due to a lack of access validation to the '_admin' directory, malevolent users may be able to execute arbitrary admin scripts. This may allow a malicious user to upload arbitrary files to the affected system and gain access to files outside of the web server root directory. There may also be other consequences associated with this vulnerability.
It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules that may allow an attacker to include malicious external files containing arbitrary PHP code to be executed on a vulnerable system.
JBrowser has been reported to be prone to a directory traversal vulnerability that may allow a remote attacker to gain access to files readable by the web server that reside outside of the server root directory. This issue is caused by insufficient sanitization of user-specified directory parameters issued to the 'browser.php' script.
It has been reported that PhpGedView may be prone to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. The problem reportedly exists because remote users may influence the 'PGV_BASE_DIRECTORY' variable in the [GED_File]_conf.php module, which specifies an include path.
It has been reported that PhpGedView may be prone to a directory traversal vulnerability that may allow a remote attacker to access files outside the server root directory. The problem exists due to insufficient sanitization of user-supplied data via the 'gedcom_config' parameter of the 'editconfig_gedcom.php' script.
It has been reported that PJ CGI Neo Review may be prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory by using '../' character sequences.