1622 matches found
Directory traversal
Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory...
CVE-2006-1208
Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory...
Design/Logic Flaw
PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1099
PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1099
PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1087
Direct static code injection vulnerability in the modifyconfig action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the optionnewcompatibilitymode parameter, which is not filtered before being stored in config.php. NOTE...
CVE-2006-1085
admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the optionadminpass parameter and setting the passcookie to the MD5 hash of the specified password...
CVE-2006-1032
Eval injection vulnerability in the decode function in rpcdecoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag...
Limbo CMS 1.0.4.2 - itemID Remote Code Execution (Metasploit)
Limbo CMS 1.0.4.2 - itemID Remote Code Execution Metasploit Title: Limbo CMS version 1.x suffers from a remote code execution vulnerability. Name: limbocms1x.pm License: Artistic/BSD/GPL Info: Trying to get the command execution exploits out of the way on milw0rm.com. M's are always good. - This ...
Limbo CMS 1.0.4.2 - 'itemID' Remote Code Execution (Metasploit)
Title: Limbo CMS version 1.x suffers from a remote code execution vulnerability. Name: limbocms1x.pm License: Artistic/BSD/GPL Info: Trying to get the command execution exploits out of the way on milw0rm.com. M's are always good. - This is an exploit module for the Metasploit Framework, please se...
CVE-2006-1022
PHP remote file include vulnerability in solmenu.php in PeHePe Uyelik Sistemi aka PeHePe MemberShip Management System 3 allows remote attackers to include and execute arbitrary PHP code via a URL in the uyeklasor parameter, along with a misafir parameter that is set to UYESEVIYE...
4Images <= 1.7.1 index.php template Parameter Traversal Local File Inclusion
4Images is installed on the remote system. It is an image gallery management system. The installed application does not validate user-input passed in the 'template' variable of the 'index.php' file. This allows an attacker to execute directory traversal attacks and display the content of sensitiv...
CVE-2006-0957
Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to execute arbitrary PHP code via the 1 X-Forwarded-For and 2 Client-Ip HTTP headers, which are stored in Data/flood.db.php...
CVE-2006-0945
PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL %00 in the index parameter...
CVE-2006-0940
Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php...
CVE-2006-0940
Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php...
CVE-2006-0887
Eval injection vulnerability in sessions.inc in PHP Base Library PHPLib before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this...
Code injection
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php...
NOCC 1.0 - error.php?html_error_occurred Cross-Site Scripting
NOCC 1.0 - error.php?htmlerroroccurred Cross-Site Scripting source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can explo...
CVE-2006-0831
PHP remote file include vulnerability in index.php in Tasarim Rehberi allows remote attackers to execute arbitrary PHP code via a URL in the 1 sayfaadi or 2 sayfa parameter. NOTE: this might be a site-specific issue. If so, it should not be included in CVE...