273 matches found
Linpha <= 1.0 multiple arbitrary local inclusion
------------- Linpha <= 1.0 multiple arbitrary local inclusion ----------------- software: site: http://linpha.sourceforge.net/nuke/ description: "LinPHA is an easy to use, multilingual, flexible photo / image archive / album / gallery written in PHP. It uses a SQL database to store information...
CPGNuke Dragonfly 9.0.6.1 - Remote Command Execution
this works regardless of magic_quotes_gpc settings Sun-Tzu: "Thus it may be known that the leader of armies is the arbiter of the people's fate, the man on whom it depends whether the nation shall be in peace or in peril." / a short explanation: install.php is not deleted after dragonfly...
CVE-2005-4174
eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear whether this is a vulnerability in eFiction itself or the result of incorrect system administration...
CVE-2005-4174
CVE-2005-4174 affects eFiction versions 1.0, 1.1, and 2.0. The issue allows remote attackers to perform unauthorized operations by directly accessing install.php or upgrade.php. It is unclear whether the flaw originates from eFiction itself or from improper system administration (e.g., leftover u...
CVE-2005-4025
Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user...
PunBB install.php XSS
The remote web server contains a PHP application that is affected by several cross-site scripting vulnerabilities. Description : The remote version of PunBB is vulnerable to cross-site scripting flaws through 'install.php' script. With a specially-crafted URL, an attacker can inject arbitrary HTM...
badroot-mcNews13.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- BadRoot Security Advisory 2005-0x01 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Thu Mar 17 2005 - 00:46 am GMT +1 Product: mcNews admin/install.php ... 33 if $table==1 34 35 include$l; 36 echo ''.$lGoAdmin.''; 37 ... Impact:...
CVE-2005-0800
PHP remote file inclusion vulnerability in install.php in mcNews 1.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the l parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2005-0720...
McNews 1.x - 'install.php' Arbitrary File Inclusion
source: https://www.securityfocus.com/bid/12835/info mcNews is reportedly affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'install.php' script. This issue is reported to affect mcNews versions 1.3 a...
PunBB < 1.1.2 install.php XSS
The remote version of PunBB is vulnerable to cross-site scripting flaws through 'install.php' script. With a specially crafted URL, an attacker can inject arbitrary HTML and script code into a user's browser resulting in the possible theft of authentication cookies, mis-representation of site...
ttCMS/ttForum multiple bugs
SQL injection via username in Profile.php. PHP injection in News.php, install.php...
CVE-2003-0304
The CVE-2003-0304 entry concerns One||Zero Helpdesk 1.4 rc4, where remote attackers can create administrator accounts by directly invoking the Helpdesk Installation script (install.php). The vulnerability arises from improper handling of installation script execution, enabling privilege escalatio...