Network Security News – Monday, May 16, 2005 Events
yappa-ng index_overview.inc.php config Variable Remote File Inclusion
yappa-ng contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the index_overview.inc.php script not properly sanitizing user input supplied to the 'config' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/16555
yappa-ng admin_module_rotimage.inc.php config Variable Remote File Inclusion
yappa-ng contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the admin_module_rotimage.inc.php script not properly sanitizing user input supplied to the 'config' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/16550
yappa-ng index_leftnavbar.inc.php config Variable Remote File Inclusion
yappa-ng contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the index_leftnavbar.inc.php script not properly sanitizing user input supplied to the 'config' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/16556
yappa-ng index_image.inc.php config Variable Remote File Inclusion
yappa-ng contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the index_image.inc.php script not properly sanitizing user input supplied to the 'config' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/16557
yappa-ng admin_module_edit.inc.php config Variable Remote File Inclusion
yappa-ng contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the admin_module_edit.inc.php script not properly sanitizing user input supplied to the 'config' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/16552
yappa-ng show_random.inc.php config Variable Remote File Inclusion
yappa-ng contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the show_random.inc.php script not properly sanitizing user input supplied to the 'config' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/16561
yappa-ng admin_module_info.inc.php lang_akt Variable XSS
yappa-ng contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'lang_akt' variable upon submission to the admin_module_info.inc.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/16546
yappa-ng index_footer-copyright.inc.php config Variable XSS
yappa-ng contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'config' variable upon submission to the index_footer-copyright.inc.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/16547
yappa-ng admin_module_delimage.inc.php config Variable Remote File Inclusion
yappa-ng contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the admin_module_delimage.inc.php script not properly sanitizing user input supplied to the 'config' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/16553
yappa-ng main.inc.php config Variable Remote File Inclusion
yappa-ng contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the main.inc.php script not properly sanitizing user input supplied to the 'config' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/16562
Leave a Reply