| OSVDB ID | Disclosure Date | Title |
|---|
|
28299
Description:
Jetbox CMS has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the search_function.php script not properly sanitizing user input supplied to the 'relative_script_path' variable. However, subsequent evaluation by CVE staff indicates that an attacker can not manipulate this variable as reported.
|
2006-08-25
|
Jetbox CMS search_function.php relative_script_path Parameter Remote File Inclusion
|
|
28298
Description:
Jupiter CMS has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the index.php script not properly sanitizing user input supplied to the 'template' variable. However, subsequent examination indicates that the variable is overwritten and an attacker can not manipulate it.
|
2006-08-25
|
Jupiter Content Manager index.php template Parameter Remote File Inclusion
|
|
28217
Description:
PHProjekt has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to multiple scripts not properly sanitizing user input supplied to the 'pre_path' variable. However, subsequent examination shows that an attacker can not manipulate this variable before being used.
|
2006-08-21
|
PHProjekt Content Management Module Multiple Script path_pre Parameter Remote File Inclusion
|
|
29355
Description:
PHlyMail Lite has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the mod.output.php script not properly sanitizing user input supplied to the '_PM_[path][handler]' variable. However, the script must be called directly to manipulate this variable, but in calling the script directly it will die without code execution.
|
2006-08-18
|
PHlyMail Lite handlers/email/mod.output.php _PM_[path][handler] Parameter Remote File Inclusion
|
