
104 matches found

securityvulns
added 2012/01/21 12:0 a.m. | 52 views

[PT-2011-02] PHP code Injection in Kayako Support Suite

PT-2011-02 Positive Technologies Security Advisory: PHP code Injection in Kayako Support Suite. Vulnerable software: Kayako Support Suite. Version: 3.70.02-stable an...

AI score: 1.4 | Exploits: 0

htbridge
added 2012/01/18 12:0 a.m. | 71 views

Multiple vulnerabilities in ZENphoto

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ZENphoto, which can be exploited to perform arbitrary PHP code execution, SQL injection and cross-site scripting attacks. 1) Arbitrary PHP Code Execution in ZENphoto: CVE-2012-0993 Input passed via...

CVSS: 9.3 | AI score: 7.7 | EPSS: 0.01699
Exploits: 5 | Affected Software: 1

Tenable Nessus
added 2011/11/03 12:0 a.m. | 47 views

phpLDAPadmin orderby Parameter Arbitrary PHP Code Execution

The version of phpLDAPadmin installed on the remote host does not sanitize input to the 'orderby' parameter of the 'cmd.php' script when 'cmd' is set to 'queryengine' before using it in a call to 'createfunction'. An unauthenticated, remote attacker can leverage this issue to execute arbitrary PH...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.84398
Exploits: 3 | References: 3

OpenVAS
added 2010/12/01 12:0 a.m. | 38 views

Pandora FMS <= 3.1 Multiple Input Validation Vulnerabilities - Active Check

Pandora FMS is prone to an authentication bypass vulnerability as well as the following input-validation vulnerabilities: - A command-injection vulnerability - Multiple SQL injection (SQLi) vulnerabilities - A remote file include (RFI) vulnerability - An arbitrary PHP code execution vulnerability -...

CVSS: 10 | AI score: 8.2 | EPSS: 0.81755
Exploits: 26 | References: 3

OpenVAS
added 2010/08/31 12:0 a.m. | 18 views

MyBackup 1.4.0 Multiple Security Vulnerabilities

MyBackup is prone to multiple security vulnerabilities. These vulnerabilities include a directory-traversal vulnerability and an arbitrary PHP code execution vulnerability. An attacker can exploit these vulnerabilities to execute arbitrary PHP code in the context of the affected site or obtain...

CVSS: 6.5 | AI score: 0.5 | EPSS: 0.01696
Exploits: 0

seebug.org
added 2009/11/13 12:0 a.m. | 17 views

WordPress 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

No description provided by source. Release date: November 11th, 2009. Discovered by: Dawid Golunski. Severity: Moderately High. I. VULNERABILITY: WordPress = 2.8.5 Unrestricted...

AI score: 7.1 | Exploits: 0

NVD
added 2008/11/13 11:30 a.m. | 14 views

CVE-2008-5060

Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) exportbatch.inc.php, (2) runautosuspend.cron.php, and (3) sendemailcache.php in include/scripts/; (4)...

CVSS: 10 | AI score: 7.4 | EPSS: 0.02932
Exploits: 0 | References: 4

Prion
added 2007/08/14 6:17 p.m. | 8 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll Script 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the SERVERDOCUMENTROOT parameter in (1) poll.php and (2) pollarchive.php. NOTE: a reliable third party states that this issue is resultant from a variable...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.01221
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2007/08/01 4:17 p.m. | 8 views

CVE-2007-4120

Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functionscron.php, and the (3) specialtemplates parameter to...

CVSS: 9.3 | AI score: 7.6 | EPSS: 0.01085
Exploits: 1 | References: 4

CVE
added 2007/07/21 12:0 a.m. | 69 views

CVE-2007-3932

CVE-2007-3932 affects the Joomla! Expose component (RC35 and earlier, com_expose) via uploadimg.php. The code fails to exit after detecting non‑JPEG uploads, enabling an unauthenticated attacker to upload and execute arbitrary PHP in the img/ folder (remote code execution). This is supported by t...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.05282
Exploits: 0 | References: 5 | Affected Software: 1

Tenable Nessus
added 2006/10/05 12:0 a.m. | 34 views

FreeBSD : phpbb -- NULL byte injection vulnerability (86526ba4-53c8-11db-8f1a-000a48049292)

Secunia reports : ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the 'avatarpath' parameter in admin/adminboard.php is not properly sanitised before being used as a configuration variable to store avata...

CVSS: 4.6 | AI score: 5.8 | EPSS: 0.02839
Exploits: 1 | References: 4

Cvelist
added 2006/05/12 12:0 a.m. | 17 views

CVE-2006-2323

Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749...

AI score: 7.5 | EPSS: 0.11505
Exploits: 0 | References: 10

seebug.org
added 2006/04/10 12:0 a.m. | 14 views

Horde <= 3.0.9 3.1.0 (Help Viewer) Remote Code Execution (metasploit)

No description provided by source. Title: Horde = 3.0.9, 3.1.0 Help Viewer Remote PHP Code Execution Vulnerability Name: hordehelpmodule.pm License: Artistic/BSD/GPL Info: Trying to get the command execution exploits out of the way on milw0rm.com. M's are always good. - This is an exploit module...

AI score: 7.1 | Exploits: 0

Exploit DB
added 2006/03/07 12:0 a.m. | 33 views

Limbo CMS 1.0.4.2 - 'itemID' Remote Code Execution (Metasploit)

Title: Limbo CMS version 1.x suffers from a remote code execution vulnerability. Name: limbocms1x.pm License: Artistic/BSD/GPL Info: Trying to get the command execution exploits out of the way on milw0rm.com. M's are always good. - This is an exploit module for the Metasploit Framework, please se...

AI score: 7.4 | Exploits: 0

Tenable Nessus
added 2005/08/08 12:0 a.m. | 26 views

FlatNuke < 2.5.6 Multiple Remote Vulnerabilities

The remote host is running FlatNuke, a content management system written in PHP that uses flat files rather than a database for its storage. The version of FlatNuke installed on the remote host suffers from several flaws: - Arbitrary PHP Code Execution Vulnerability The application fails to remov...

CVSS: 5 | AI score: 6.1 | EPSS: 0.07205
Exploits: 4 | References: 5

exploitpack
added 2005/03/24 12:0 a.m. | 18 views

Double Choco Latte 0.9.3/0.9.4 - main.php Arbitrary PHP Code Execution

Double Choco Latte 0.9.3/0.9.4 - main.php Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/12894/info Double Choco Latte is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry...

AI score: 0.7 | Exploits: 0

Exploit DB
added 2005/03/24 12:0 a.m. | 29 views

Double Choco Latte 0.9.3/0.9.4 - 'main.php' Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/12894/info Double Choco Latte is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting/HTML injection attacks and execute arbitrary...

AI score: 7.4 | Exploits: 0

Cvelist
added 2005/03/09 5:0 a.m. | 15 views

CVE-2005-0698

PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) GPATH parameter to init.inc.php or the (2) PATH parameter to index.php to reference a URL on a remote web server that contains the code...

AI score: 7.6 | EPSS: 0.00612
Exploits: 0 | References: 2

NVD
added 2005/03/01 5:0 a.m. | 9 views

CVE-2005-0632

PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 and possibly 1.2.3, allows remote attackers to execute arbitrary PHP code via the path parameter...

CVSS: 5 | AI score: 7.7 | EPSS: 0.04237
Exploits: 1 | References: 5

Cvelist
added 2005/02/12 5:0 a.m. | 11 views

CVE-2004-1423

Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpcrootpath parameter to (1) includes/calendar.ph...

AI score: 7.6 | EPSS: 0.10744
Exploits: 3 | References: 12