Mindmeld 1.2.0.10 Multiple Remote File Inclusion Vulnerabilities

No description provided by source. Summary Mindmeld is an, "enterprise-capable knowledge-sharing system" written in PHP. There are multiple remote file inclusion vulnerabilities in Mindmeld version 1.2.0.10 latest version. Details 1. Vulnerable File and Line: Mindmeld-1.2.0.10/acweb/adminindex.ph...

CJ Tag Board User-Agent PHP注入漏洞

CJ Tag Board是一款基于PHP的论坛程序。 CJ Tag Board不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题一是tag.php脚本对"User-Agent" HTTP头数据缺少过滤，可导致任意PHP代码注入，并通过请求all.php脚本执行。 问题二是adminindex.php脚本对用户提交的"banned"参数缺少过滤，可导致任意PHP代码注入。 CJ Tag Board 3.0 http://www.scriptsearch.com/cgi-bin/jump.cgi?ID=10068...

CVE-2006-4451

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the 1 User-Agent HTTP header in tag.php, which is executed by all.php, and 2 the banned parameter in adminindex.php...

CVE-2006-4451

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the 1 User-Agent HTTP header in tag.php, which is executed by all.php, and 2 the banned parameter in adminindex.php...

CVE-2006-3138

Multiple cross-site scripting XSS vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 PIC parameter in offers-pix.php, 2 from parameter in cp/index.php, and 3 action parameter in cp/adminindex.php...