Limbo CMS index2.php option Variable Traversal Arbitrary File Access

Network Security News – Monday, December 19, 2005 Events

Limbo CMS index2.php option Variable Traversal Arbitrary File Access

Limbo CMS contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the 'index2.php' script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'option' variable.. Read more at osvdb.org/21755

Limbo CMS index2.php _SERVER[REMOTE_ADDR] Variable Arbitrary PHP Command Execution

Limbo CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'index2.php' script not properly sanitizing user input supplied to the '_SERVER[REMOTE_ADDR]' variable, which may allow a remote attacker to execute arbitrary PHP commands resulting in a loss of integrity.. Read more at osvdb.org/21756

Limbo CMS index.php _SERVER[REMOTE_ADDR] Variable SQL Injection

Limbo CMS contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the '_SERVER[REMOTE_ADDR]' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/21753

Limbo CMS index.php _SERVER[REMOTE_ADDR] Variable XSS

Limbo CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the '_SERVER[REMOTE_ADDR]' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21754

Limbo CMS doc.inc.php Direct Request Path Disclosure

Limbo CMS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'doc.inc.php' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/21757

Limbo CMS element.inc.php Direct Request Path Disclosure

Limbo CMS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'element.inc.php' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/21758

Limbo CMS node.inc.php Direct Request Path Disclosure

Limbo CMS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'node.inc.php' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/21759

CKGold search.php keywords Variable XSS

CKGold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'keywords' variables upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21675

ClickCartPro cp-app.cgi affl Variable XSS

ClickCartPro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'affl' variables upon submission to the 'cp-app.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21716

Teamwork Unspecified Menu Issue

Teamwork contains a flaw related to the menu security. No further details have been provided.. Read more at osvdb.org/21745