959 matches found
Vuln in PHPGEDVIEW 2.61 Multi-Problem
Tittle : Vuln in PHPGEDVIEW 2.61 Lang : PHP Author : Windak Website: www.security.com.vn Version : PHPGEDVIEW 2.61 Multi-Problem Introduction : PHPGEDVIEW is program read projects GEDCOM file default html . Bug : 1 Php code injection : Rick : Hight - Vuln in any files : functions.php,...
Remote execution in My_eGallery
Product: MyeGallery Versions affected: all 3.1.1.g Website: http://lottasophie.sourceforge.net/index.php 1. Introduction --------------- MyeGallery is a very nice PostNuke module, which allows users to create and manipulate their own galleries on the web, plus offers various additional features...
myegallery.txt
Product: MyeGallery Versions affected: all /tmp/cmdtemp 2&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp"; $output = obgetcontents; obendclean; printoutput; ? This allows execution of any command on the server with MyeGallery, under the privileges of the Web server usually apache or httpd. 3. Solution...
php.advanced.poll.txt
Informations : °°°°°°°°°°°°° Language : PHP Product : Advanced Poll Version : 2.0.2 Textfile Website : http://www.proxy2.de Problems : - PHP Code Injection - File Include - Phpinfo PHP Code/Location : °°°°°°°°°°°°°°°°°°° comments.php :...
Advanced Poll : PHP Code Injection, File Include, Phpinfo
Informations : °°°°°°°°°°°°° Language : PHP Product : Advanced Poll Version : 2.0.2 Textfile Website : http://www.proxy2.de Problems : - PHP Code Injection - File Include - Phpinfo PHP Code/Location : °°°°°°°°°°°°°°°°°°° comments.php :...
EMML.txt
Informations : °°°°°°°°°°°°° Language : PHP ------------------------------------------------- Produit : EMML EternalMart Mailing List Manager Version : 1.32 ------------------------------------------------- Produit : EMGB EternalMart Guestbook Version : 1.1...
CVE-2003-0320
header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcmsuseradmin parameter to "1" and modifying the adminroot parameter to point to a URL that contains a Trojan horse header.inc.php script...
Coppermine Photo Gallery 1.0 - PHP Code Injection
Coppermine Photo Gallery 1.0 - PHP Code Injection source: https://www.securityfocus.com/bid/7300/info Coppermine Photo Gallery has been reported prone to PHP code injection attacks. Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo...
Coppermine Photo Gallery 1.0 - PHP Code Injection
source: https://www.securityfocus.com/bid/7300/info Coppermine Photo Gallery has been reported prone to PHP code injection attacks. Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo Gallery, an attacker may upload a malicious JPEG. The...
CuteNews Multiple Script cutepath Parameter Arbitrary Command Execution
The version of CuteNews installed on the remote host fails to sanitize input to the 'cutepath' parameter before using it in various scripts to include PHP code. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server...
PHP code injection in CuteNews
PHP source code injection in CuteNews Informations : =============================================== Script : CuteNews v0.88 Offical site : http://air.langame.net/ =============================================== PHP Scripts : =============================================== shownews.php :...
PHPGB 1.11.2 - PHP Code Injection
PHPGB 1.11.2 - PHP Code Injection source: https://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the...
PHPGB 1.1/1.2 - PHP Code Injection
source: https://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the savesettings.php script. The...
XGB 1.2 - Remote Form Field Input Validation
source: https://www.securityfocus.com/bid/4515/info xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. xGB does not sufficiently validate input that is supplied via form fields. An attacker may, under some...
Вставка PHP-кода в VikkiTikkiTavi (code execution)
Можифицировав URL можно запросить вставить в шаблон файл с другой машины...
Дырка в vBulletin (PHP code injection)
Можно вставить PHP-код в программу...
vBulletin allows arbitrary code execution
OVERVIEW ======== vBulletin http://www.vbulletin.com is a commonly used web forum system written in PHP. One of its key features is use of templates, which allow the board administrator to dynamically modify the look of the board. vBulletin templates are parsed with the eval function. This could ...
PHP Code Injection
phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...
PHP Code Injection
phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...