Page 2 of 7 results (0.000 seconds)

CVSS: 5.0EPSS: 2%CPEs: 8EXPL: 4

CVE-2006-5832 – AIOCP 1.3.x - 'cp_show_ec_products.php' Full Path Disclosure

https://notcve.org/view.php?id=CVE-2006-5832

All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aiocp_dp[] parameter, (2) public/code/cp_show_ec_products.php, possibly involving the order_field[] parameter, and (3) public/code/cp_show_page_help.php, possibly involving the hp[] parameter, which reveal the path in various error messages. All In One Control Panel (AIOCP) 1.3.007 y versiones anteriores permite a atacantes remotos obtener la ruta completa al servidor secuencias de comandos web o HTML de su elección mediante peticiones concretas a (1) public/code/cp_dpage.php, posiblemente involucrando al parámetro aiocp_dp[], (2) public/code/cp_show_ec_products.php, posiblemente involucrando al parámetro order_field[], y (3) public/code/cp_show_page_help.php, posiblemente involucrando al parámetro hp[], que revela la ruta en varios mensajes de error. • https://www.exploit-db.com/exploits/28936 https://www.exploit-db.com/exploits/28937 https://www.exploit-db.com/exploits/28935 http://securityreason.com/securityalert/1839 http://sourceforge.net/project/shownotes.php?release_id=478370 http://www.securityfocus.com/archive/1/450701/100/0/threaded http://www.securityfocus.com/bid/20931 https://exchange.xforce.ibmcloud.com/vulnerabilities/30052 •

CVSS: 7.5EPSS: 8%CPEs: 8EXPL: 2

CVE-2006-5831 – AIOCP 1.3.x - 'load_page' Remote File Inclusion

https://notcve.org/view.php?id=CVE-2006-5831

PHP remote file inclusion vulnerability in admin/code/index.php in All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the load_page parameter. Vulnerabilidad de inclusión remota de archivo en PHP en admin/code/index.php de All In One Control Panel (AIOCP) 1.3.007 y versiones anteriores permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro load_page. • https://www.exploit-db.com/exploits/28922 http://securityreason.com/securityalert/1839 http://sourceforge.net/project/shownotes.php?release_id=478370 http://www.securityfocus.com/archive/1/450701/100/0/threaded http://www.securityfocus.com/bid/20931 https://exchange.xforce.ibmcloud.com/vulnerabilities/30050 •