Network Security

Network Security News Monitor - Monday, May 08, 2006 Events

 

Advanced Poll /admin/index.php Traversal Arbitrary Local File Inclusion

Advanced Poll contains a flaw that allows a remote attacker to access or include arbitrary files outside of the web path. The issue is due to the /admin/index.php script not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the 'base_path' and 'pollvars[lang]' variables. This would allow an attacker to access arbitrary files such as /etc/passwd, or to include local files that could contain arbitrary PHP code, which would be executed with the privileges of the web server.

Advanced Poll common.inc.php base_path Variable Remote File Inclusion

Advanced Poll contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to common.inc.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Advanced Poll png.php include_path Variable Remote File Inclusion

Advanced Poll contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to png.php not properly sanitizing user input supplied to the 'include_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Advanced Poll poll_ssi.php include_path Variable Remote File Inclusion

Advanced Poll contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to poll_ssi.php not properly sanitizing user input supplied to the 'include_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Advanced Poll popup.php include_path Variable Remote File Inclusion

Advanced Poll contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to popup.php not properly sanitizing user input supplied to the 'include_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Advanced Poll booth.php include_path Variable Remote File Inclusion

Advanced Poll contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to booth.php not properly sanitizing user input supplied to the 'include_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Advanced Poll /admin/admin_tpl_new.php Traversal Arbitrary Local File Inclusion

Advanced Poll contains a flaw that allows a remote attacker to access or include arbitrary files outside of the web path. The issue is due to the /admin/admin_tpl_new.php script not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the 'base_path' and 'pollvars[lang]' variables. This would allow an attacker to access arbitrary files such as /etc/passwd, or to include local files that could contain arbitrary PHP code, which would be executed with the privileges of the web server.

Advanced Poll /admin/admin_tpl_misc_new.php Traversal Arbitrary Local File Inclusion

Advanced Poll contains a flaw that allows a remote attacker to access or include arbitrary files outside of the web path. The issue is due to the /admin/admin_tpl_misc_new.php script not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the 'base_path' and 'pollvars[lang]' variables. This would allow an attacker to access arbitrary files such as /etc/passwd, or to include local files that could contain arbitrary PHP code, which would be executed with the privileges of the web server.

Advanced Poll /admin/admin_templates_misc.php Traversal Arbitrary Local File Inclusion

Advanced Poll contains a flaw that allows a remote attacker to access or include arbitrary files outside of the web path. The issue is due to the /admin/admin_templates_misc.php script not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the 'base_path' and 'pollvars[lang]' variables. This would allow an attacker to access arbitrary files such as /etc/passwd, or to include local files that could contain arbitrary PHP code, which would be executed with the privileges of the web server.

Advanced Poll /admin/admin_templates.php Traversal Arbitrary Local File Inclusion

Advanced Poll contains a flaw that allows a remote attacker to access or include arbitrary files outside of the web path. The issue is due to the /admin/admin_templates.php script not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the 'base_path' and 'pollvars[lang]' variables. This would allow an attacker to access arbitrary files such as /etc/passwd, or to include local files that could contain arbitrary PHP code, which would be executed with the privileges of the web server.

Vuln: Mozilla Firefox iframe.contentWindow.focus Deleted Object Reference Vulnerability

Mozilla Firefox iframe.contentWindow.focus Deleted Object Reference Vulnerability.