Lucene search
K

7242 matches found

securityvulns
securityvulns
added 2003/02/22 12:0 a.m.280 views

Myguestbook (PHP)

Informations : °°°°°°°°°°°°°° Version : 3.0 Website : http://www.tefonline.net/ Problems : - XSS - admin infos recovery - Access to admin pages PHP Code/Location : °°°°°°°°°°°°°°°°°°° If pseudo = SCRIPT, e-mail = SCRIPT or message = /textareaSCRIPT SCRIPT will be executed on index.php,...

6.1AI score
Exploits0
securityvulns
securityvulns
added 2003/02/11 12:0 a.m.198 views

Cedric Email Reader (PHP)

Version : 0.2;0.3;0.4 Website : http://www.isoca.com/ Problems :Include file local, remote Version: 0.2;0.3 File: --------------------------------- email.php3 version 0.2 ; email.php version 0.3 --------------------------------- PHP Code: ---------------------------------...

1.8AI score
Exploits0
securityvulns
securityvulns
added 2003/01/23 12:0 a.m.313 views

Zorum Portal (PHP)

Version : 3.0;3.1;3.2 Website : http://zorum.phpoutsourcing.com/ Problem : Include file File: --------------------------------- include.php --------------------------------- PHP Code: --------------------------------- ... include"$gorumDir/generformlibmultipleselection.php";...

2AI score
Exploits0
securityvulns
securityvulns
added 2003/01/21 12:0 a.m.48 views

vSignup, vAuthenticate (PHP)

Informations : °°°°°°°°°°°°°° ----------------------- Product : vAuthenticate Version : 2.8 ----------------------- Product : vSignup Version : 2.1 ----------------------- Website : http://www.beanbug.net Problem : SQL Injection PHP Code/Location : °°°°°°°°°°°°°°°°°°° chgpwd.php :...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2003/01/06 12:0 a.m.70 views

DCP-Portal 5.0.1 - lib.php?Root Remote File Inclusion

DCP-Portal 5.0.1 - lib.php?Root Remote File Inclusion source: https://www.securityfocus.com/bid/6525/info DCP-Portal is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously create...

7.5AI score
Exploits0
NVD
NVD
added 2002/12/31 5:0 a.m.21 views

CVE-2002-2128

editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. dot dot sequences in the file parameter...

4.6CVSS7.2AI score0.00377EPSS
Exploits0References4
NVD
NVD
added 2002/12/31 5:0 a.m.23 views

CVE-2002-2130

publishxpdocs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERYBASEDIR parameter to reference a URL on a remote web server that contains the code...

7.5CVSS7.6AI score0.0159EPSS
Exploits0References4
NVD
NVD
added 2002/12/31 5:0 a.m.25 views

CVE-2002-1707

install.php in phpBB 2.0 through 2.0.1, when "allowurlfopen" and "registerglobals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbbrootdir parameter to reference a URL on a remote web server that contains the code...

5CVSS7.6AI score0.01372EPSS
Exploits0References3
exploitpack
exploitpack
added 2002/12/31 12:0 a.m.16 views

PEEL 1.0b - Remote File Inclusion

PEEL 1.0b - Remote File Inclusion source: https://www.securityfocus.com/bid/6496/info PEEL is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously created file, located on an...

Exploits0
securityvulns
securityvulns
added 2002/12/20 12:0 a.m.105 views

WAnewsletter (PHP)

Informations : °°°°°°°°°°°°°° Website : http://www.phpcodeur.net Versions : 2.0beta - 2.1.0 Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° newsletter.php 2.1beta - 2.1.0 : ---------------------------------------------------- if !empty$HTTPPOSTVARS'action' $action =...

Exploits0
securityvulns
securityvulns
added 2002/11/26 12:0 a.m.39 views

Web Server Creator - Web Portal 0.1 (PHP)

Informations : °°°°°°°°°°°°°° Website : http://webcreator.com02.com Tested version : 0.1 Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° news/include/customize.php : ------------------ ? $langfile = $l; include $l; ? ------------------ index.php : ----------------------------------...

7.1AI score
Exploits0
NVD
NVD
added 2002/11/12 5:0 a.m.23 views

CVE-2002-1211

Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUSLIBRARYBASE that points to code stored on a remote server, which is then used in 1 index.php, 2 install.php, or 3 various test.php scripts...

7.5CVSS7.4AI score0.0284EPSS
Exploits1References5
NVD
NVD
added 2002/10/04 4:0 a.m.25 views

CVE-2002-1113

summarygraphfunctions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the gjpgraphpath parameter to reference the location of the PHP code...

7.5CVSS7.5AI score0.03267EPSS
Exploits1References6
securityvulns
securityvulns
added 2002/10/03 12:0 a.m.36 views

MySimpleNews (PHP)

Informations : °°°°°°°°°°°°°° Language : PHP Tested version : 1 Website : ? Comment : Very simple code. a Writing PHP code in a PHP file and execution of this code. Problem : °°°°°°°°° ----------------- users.php ----------------- ? $fp=fopen"news.php3","a"; fwrite$fp,"Post Par $LOGINn";...

7.5AI score
Exploits0
exploitpack
exploitpack
added 2002/09/09 12:0 a.m.29 views

PHPGB 1.11.2 - PHP Code Injection

PHPGB 1.11.2 - PHP Code Injection source: https://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the...

Exploits0
Exploit DB
Exploit DB
added 2002/09/09 12:0 a.m.33 views

PHPGB 1.1/1.2 - PHP Code Injection

source: https://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the savesettings.php script. The...

7.4AI score
Exploits0
NVD
NVD
added 2002/08/12 4:0 a.m.16 views

CVE-2002-0734

b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server...

7.5CVSS7.4AI score0.07011EPSS
Exploits1References4
securityvulns
securityvulns
added 2002/08/03 12:0 a.m.46 views

code injection in gallery

Hi! Code injection in gallery ------------------------------------- What is gallery? The Gallery is actually the best web gallery application around in the world. I'm using it too ;-. Go to http://gallery.sf.net/ to get further information and download this very cool app. remote include problems...

7.5AI score
Exploits0
Cvelist
Cvelist
added 2002/06/25 4:0 a.m.27 views

CVE-2000-1166

Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP PHP3 code by specifying an alternate vhosts as an argument to the index.php3 program...

7AI score0.0163EPSS
Exploits0References4
Cvelist
Cvelist
added 2002/05/03 4:0 a.m.19 views

CVE-2002-0206

index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter...

7.6AI score0.06497EPSS
Exploits0References4
Rows per page
Query Builder