Network Security News – Sunday, August 13, 2006 Events
Chaussette Event_for_month.php _BASE Variable Remote File Inclusion
Chaussette contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to Event_for_month.php not properly sanitizing user input supplied to the '_BASE' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27899
Chaussette Event.php _BASE Variable Remote File Inclusion
Chaussette contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to Event.php not properly sanitizing user input supplied to the '_BASE' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27898
Chaussette Evenement.php _BASE Variable Remote File Inclusion
Chaussette contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to Evenement.php not properly sanitizing user input supplied to the '_BASE' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27897
docpile:we lib/auth.inc.php INIT_PATH Variable Remote File Inclusion
docpile:we contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the lib/auth.inc.php script not properly sanitizing user input supplied to the 'INIT_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27862
Chaussette My_Smarty.php _BASE Variable Remote File Inclusion
Chaussette contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to My_Smarty.php not properly sanitizing user input supplied to the '_BASE' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27902
Chaussette My_Log.php _BASE Variable Remote File Inclusion
Chaussette contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to My_Log.php not properly sanitizing user input supplied to the '_BASE' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27901
Chaussette Event_for_week.php _BASE Variable Remote File Inclusion
Chaussette contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to Event_for_week.php not properly sanitizing user input supplied to the '_BASE' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27900