Lucene search
+L

959 matches found

securityvulns
securityvulns
added 2004/01/09 12:0 a.m.49 views

Vuln in PHPGEDVIEW 2.61 Multi-Problem

Tittle : Vuln in PHPGEDVIEW 2.61 Lang : PHP Author : Windak Website: www.security.com.vn Version : PHPGEDVIEW 2.61 Multi-Problem Introduction : PHPGEDVIEW is program read projects GEDCOM file default html . Bug : 1 Php code injection : Rick : Hight - Vuln in any files : functions.php,...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2003/11/27 12:0 a.m.59 views

Remote execution in My_eGallery

Product: MyeGallery Versions affected: all 3.1.1.g Website: http://lottasophie.sourceforge.net/index.php 1. Introduction --------------- MyeGallery is a very nice PostNuke module, which allows users to create and manipulate their own galleries on the web, plus offers various additional features...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2003/11/27 12:0 a.m.30 views

myegallery.txt

Product: MyeGallery Versions affected: all /tmp/cmdtemp 2&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp"; $output = obgetcontents; obendclean; printoutput; ? This allows execution of any command on the server with MyeGallery, under the privileges of the Web server usually apache or httpd. 3. Solution...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2003/10/30 12:0 a.m.33 views

php.advanced.poll.txt

Informations : °°°°°°°°°°°°° Language : PHP Product : Advanced Poll Version : 2.0.2 Textfile Website : http://www.proxy2.de Problems : - PHP Code Injection - File Include - Phpinfo PHP Code/Location : °°°°°°°°°°°°°°°°°°° comments.php :...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/10/28 12:0 a.m.49 views

Advanced Poll : PHP Code Injection, File Include, Phpinfo

Informations : °°°°°°°°°°°°° Language : PHP Product : Advanced Poll Version : 2.0.2 Textfile Website : http://www.proxy2.de Problems : - PHP Code Injection - File Include - Phpinfo PHP Code/Location : °°°°°°°°°°°°°°°°°°° comments.php :...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2003/10/06 12:0 a.m.23 views

EMML.txt

Informations : °°°°°°°°°°°°° Language : PHP ------------------------------------------------- Produit : EMML EternalMart Mailing List Manager Version : 1.32 ------------------------------------------------- Produit : EMGB EternalMart Guestbook Version : 1.1...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2003/05/22 4:0 a.m.21 views

CVE-2003-0320

header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcmsuseradmin parameter to "1" and modifying the adminroot parameter to point to a URL that contains a Trojan horse header.inc.php script...

7AI score0.05332EPSS
Exploits0References1
exploitpack
exploitpack
added 2003/04/07 12:0 a.m.23 views

Coppermine Photo Gallery 1.0 - PHP Code Injection

Coppermine Photo Gallery 1.0 - PHP Code Injection source: https://www.securityfocus.com/bid/7300/info Coppermine Photo Gallery has been reported prone to PHP code injection attacks. Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2003/04/07 12:0 a.m.34 views

Coppermine Photo Gallery 1.0 - PHP Code Injection

source: https://www.securityfocus.com/bid/7300/info Coppermine Photo Gallery has been reported prone to PHP code injection attacks. Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo Gallery, an attacker may upload a malicious JPEG. The...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/02/28 12:0 a.m.39 views

CuteNews Multiple Script cutepath Parameter Arbitrary Command Execution

The version of CuteNews installed on the remote host fails to sanitize input to the 'cutepath' parameter before using it in various scripts to include PHP code. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server...

7.5CVSS5.8AI score0.06899EPSS
Exploits1References2
securityvulns
securityvulns
added 2003/02/25 12:0 a.m.82 views

PHP code injection in CuteNews

PHP source code injection in CuteNews Informations : =============================================== Script : CuteNews v0.88 Offical site : http://air.langame.net/ =============================================== PHP Scripts : =============================================== shownews.php :...

1.3AI score
Exploits0
exploitpack
exploitpack
added 2002/09/09 12:0 a.m.29 views

PHPGB 1.11.2 - PHP Code Injection

PHPGB 1.11.2 - PHP Code Injection source: https://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the...

Exploits0
Exploit DB
Exploit DB
added 2002/09/09 12:0 a.m.35 views

PHPGB 1.1/1.2 - PHP Code Injection

source: https://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the savesettings.php script. The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2002/04/14 12:0 a.m.19 views

XGB 1.2 - Remote Form Field Input Validation

source: https://www.securityfocus.com/bid/4515/info xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. xGB does not sufficiently validate input that is supplied via form fields. An attacker may, under some...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/02/05 12:0 a.m.50 views

Вставка PHP-кода в VikkiTikkiTavi (code execution)

Можифицировав URL можно запросить вставить в шаблон файл с другой машины...

1.6AI score
Exploits0Affected Software1
securityvulns
securityvulns
added 2001/03/16 12:0 a.m.50 views

Дырка в vBulletin (PHP code injection)

Можно вставить PHP-код в программу...

1AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2001/03/16 12:0 a.m.189 views

vBulletin allows arbitrary code execution

OVERVIEW ======== vBulletin http://www.vbulletin.com is a commonly used web forum system written in PHP. One of its key features is use of templates, which allow the board administrator to dynamically modify the look of the board. vBulletin templates are parsed with the eval function. This could ...

0.5AI score
Exploits0
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

9.8CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.24 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

9.8CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Rows per page
Query Builder