379 matches found
Design/Logic Flaw
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the lastmodule parameter...
CVE-2007-5056
CVE-2007-5056 is an eval injection in adodb-perf-module.inc.php of ADOdb Lite
CVE-2007-5056
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the lastmodule parameter...
ADOdb Lite adodb-perf-module.inc.php last_module Parameter Arbitrary Code Execution
ADOdb Lite, a lightweight database framework for PHP applications, is installed on the remote host. The version of ADOdb Lite on the remote host fails to sanitize input to the 'lastmodule' parameter of the 'adodb-perf-module.inc.php' script before using it in an 'eval' statement to evaluate PHP...
PHPOF DB_AdoDB.Class.PHP远程文件包含漏洞
PHPOF是一款基于PHP的WEB应用程序。 PHPOF不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是由于'DBAdoDB.Class.PHP'脚本对用户提交的'PHPOFINCLUDEPATH'参数缺少过滤,指定远程服务器上的任意文件作为包含对象,可导致以以WEB权限执行任意命令。 PHPOF 20040226 目前没有解决方案提供: http://www.phpof.org/ http://www.example.com/dbmodules/DBadodb.class.php?PHPOFINCLUDEPATH=shell.txt?...
CVE-2007-3155
Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier...
Sql injection
Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier...
CVE-2007-3155
Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier...
CVE-2007-3155
CVE-2007-3155 affects eGroupWare before 1.2.107-2, with vulnerability tied to ADOdb. The description notes unknown impact and attack vectors; no concrete exploit details are provided in the connected documents. Vendor details are incomplete, and it’s unclear if this issue is covered by another CVE.
CVE-2007-3155
Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier...
XAMPP ADOdb mssql_connect Remote Buffer Overflow
The remote host is running XAMPP, an Apache distribution containing MySQL, PHP, and Perl. It is designed for easy installation and administration. The remote version of XAMPP includes a PHP interpreter that is affected by a buffer overflow involving calls to 'mssqlconnect' as well as an example P...
dcp-portal v611 >> RFi
vendor :http://www.dcp-portal.org/ by : www.hackerz.ir userz .saeid 1- remote DCP/library/adodb/adodb.inc.php ==== includeonce$path; 2- remote DCP/library/editor/editor.php ===== include $abspatheditor."PropAccestring.php 3- local == DCP/admin/phpMyAdmin/libraries/common.lib.php ===...
CVE-2007-2079
The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified...
Buffer overflow
The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified...
xampp-rgod.txt
Connect$POST'host', $POST'user', $POST'password', $POST'database'; echo "DBServer: $POSTdbserver"; $result = $db-Execute"SELECT FROM $POSTtable"; ... mssqlconnect function is vulnerable to buffer overflow and the host argument is totally unchecked. Also this shows a vulnerabilty in ADODB library...
XAMPP for Windows <= 1.6.0a mssql_connect() Remote BoF Exploit
Exploit for unknown platform in category remote exploits ============================================================== XAMPP for Windows Connect$POST'host', $POST'user', $POST'password', $POST'database'; echo "DBServer: $POSTdbserver"; $result = $db-Execute"SELECT FROM $POSTtable";...
XAMPP for Windows 1.6.0a - 'mssql_connect()' Remote Buffer Overflow
Connect$POST'host', $POST'user', $POST'password', $POST'database'; echo "DBServer: $POSTdbserver"; $result = $db-Execute"SELECT FROM $POSTtable"; ... mssqlconnect function is vulnerable to buffer overflow and the host argument is totally unchecked. Also this shows a vulnerabilty in ADODB library...
PT-2007-1459 · Morcego · Morcegocms
Name of the Vulnerable Software and Affected Versions: Morcego CMS versions 0.9.6 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the path parameter to "adodb/adodb.inc.php". Recommendations: For Morcego CMS versions 0.9....
PhpSpy 2 0 0 6 final modified version-the vulnerability warning-the black bar safety net
Files and directories to a ZIP package to download 2. MySql and Ftp brute force 3. Within the network computer name and IP conversion 4. The use of MySql upload download file 5. Added custom settings 6. Alexa rank,off by default 7. Using ADODB to execute SQL statements 8. There are other...
ClipShare ADODB-Connection.Inc.PHP远程文件包含漏洞
ClipShare是一款基于PHP的WEB应用程序。 ClipShare不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'ADODB-Connection.Inc.PHP'脚本对用户提交的'cmd'参数缺少过滤,指定远程服务器上的文件作为包含参数,可导致以WEB权限执行任意命令。 ClipShare 1.5.3 目前没有解决方案提供: http://www.clip-share.com/ http://www.example.com/Path/include/adodb-connection.inc.php?cmd=Shell-Attack...