7242 matches found
Myguestbook (PHP)
Informations : °°°°°°°°°°°°°° Version : 3.0 Website : http://www.tefonline.net/ Problems : - XSS - admin infos recovery - Access to admin pages PHP Code/Location : °°°°°°°°°°°°°°°°°°° If pseudo = SCRIPT, e-mail = SCRIPT or message = /textareaSCRIPT SCRIPT will be executed on index.php,...
Cedric Email Reader (PHP)
Version : 0.2;0.3;0.4 Website : http://www.isoca.com/ Problems :Include file local, remote Version: 0.2;0.3 File: --------------------------------- email.php3 version 0.2 ; email.php version 0.3 --------------------------------- PHP Code: ---------------------------------...
Zorum Portal (PHP)
Version : 3.0;3.1;3.2 Website : http://zorum.phpoutsourcing.com/ Problem : Include file File: --------------------------------- include.php --------------------------------- PHP Code: --------------------------------- ... include"$gorumDir/generformlibmultipleselection.php";...
vSignup, vAuthenticate (PHP)
Informations : °°°°°°°°°°°°°° ----------------------- Product : vAuthenticate Version : 2.8 ----------------------- Product : vSignup Version : 2.1 ----------------------- Website : http://www.beanbug.net Problem : SQL Injection PHP Code/Location : °°°°°°°°°°°°°°°°°°° chgpwd.php :...
DCP-Portal 5.0.1 - lib.php?Root Remote File Inclusion
DCP-Portal 5.0.1 - lib.php?Root Remote File Inclusion source: https://www.securityfocus.com/bid/6525/info DCP-Portal is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously create...
CVE-2002-2128
editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. dot dot sequences in the file parameter...
CVE-2002-2130
publishxpdocs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERYBASEDIR parameter to reference a URL on a remote web server that contains the code...
CVE-2002-1707
install.php in phpBB 2.0 through 2.0.1, when "allowurlfopen" and "registerglobals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbbrootdir parameter to reference a URL on a remote web server that contains the code...
PEEL 1.0b - Remote File Inclusion
PEEL 1.0b - Remote File Inclusion source: https://www.securityfocus.com/bid/6496/info PEEL is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously created file, located on an...
WAnewsletter (PHP)
Informations : °°°°°°°°°°°°°° Website : http://www.phpcodeur.net Versions : 2.0beta - 2.1.0 Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° newsletter.php 2.1beta - 2.1.0 : ---------------------------------------------------- if !empty$HTTPPOSTVARS'action' $action =...
Web Server Creator - Web Portal 0.1 (PHP)
Informations : °°°°°°°°°°°°°° Website : http://webcreator.com02.com Tested version : 0.1 Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° news/include/customize.php : ------------------ ? $langfile = $l; include $l; ? ------------------ index.php : ----------------------------------...
CVE-2002-1211
Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUSLIBRARYBASE that points to code stored on a remote server, which is then used in 1 index.php, 2 install.php, or 3 various test.php scripts...
CVE-2002-1113
summarygraphfunctions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the gjpgraphpath parameter to reference the location of the PHP code...
MySimpleNews (PHP)
Informations : °°°°°°°°°°°°°° Language : PHP Tested version : 1 Website : ? Comment : Very simple code. a Writing PHP code in a PHP file and execution of this code. Problem : °°°°°°°°° ----------------- users.php ----------------- ? $fp=fopen"news.php3","a"; fwrite$fp,"Post Par $LOGINn";...
PHPGB 1.11.2 - PHP Code Injection
PHPGB 1.11.2 - PHP Code Injection source: https://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the...
PHPGB 1.1/1.2 - PHP Code Injection
source: https://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the savesettings.php script. The...
CVE-2002-0734
b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server...
code injection in gallery
Hi! Code injection in gallery ------------------------------------- What is gallery? The Gallery is actually the best web gallery application around in the world. I'm using it too ;-. Go to http://gallery.sf.net/ to get further information and download this very cool app. remote include problems...
CVE-2000-1166
Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP PHP3 code by specifying an alternate vhosts as an argument to the index.php3 program...
CVE-2002-0206
index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter...