#php

An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion.

In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.

Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.

Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.

A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php.

Dolibarr version 17.0.1 suffers from a persistent cross site scripting vulnerability.

PHPJabbers Business Directory Script version 3.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

FOG Forum version 0.8 suffers from a cross site scripting vulnerability.

FoccusWeb CMS version 0.1 suffers from a cross site scripting vulnerability.

Color Prediction Game version 1.0 suffers from a remote SQL injection vulnerability.