CVE-2006-4432
Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code...
CVE-2006-3184
Direct static code injection vulnerability in ASP Stats Generator before 2.1.2 allows remote authenticated attackers to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settingsskin.asp, which is stored in incskinfile.asp...
CVE-2006-2667
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2)...
WordPress <= 2.0.2 - Direct Static Code Injection
Because of this vulnerability, attackers can execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files. Solution: Update WordPress to the latest available version (at least 2.0.3)...
CVE-2005-4800
Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a modinfo action to modifygallery.php, which inserts the code into guidinfo.php. NOTE: this...
CVE-2006-2335
Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...
Code injection
Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...
CVE-2006-2129
Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...
Code injection
Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...
Code injection
Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose "." regular expression to match BEGIN and END statements in overallheader.tpl, or...
CVE-2006-1895
The provided data confirms CVE-2006-1895 affecting phpBB: a direct static code injection in includes/template.php allows remote authenticated users with write access to execute arbitrary PHP by modifying templates. The root causes are (1) bypassing a loose regex intended to match BEGIN/END in ove...
Code injection
Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included by other N.T. scripts...
CVE-2006-1563
Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) VBook (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included by other VBook scripts...
Code injection
Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) VBook (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included by other VBook scripts...
CVE-2006-1545
Direct static code injection vulnerability in admin/config.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allows remote authenticated administrators to execute code by inserting the code into variables that are stored in admin/config.php...
Code injection
Direct static code injection vulnerability in the modifyconfig action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the optionnewcompatibilitymode parameter, which is not filtered before being stored in config.php. NOTE...
CVE-2006-0810
Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection...
Code injection
Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection...
CVE-2006-0810
Skate Board 0.9 is affected by CVE-2006-0810 via a PHP code injection vulnerability in config.php. Remote authenticated administrators can modify variables in config.php, potentially enabling arbitrary PHP code execution. This is described as a vulnerability in Skate Board 0.9 related to config.p...