Lucene search

1622 matches found

NVD
added 2006/02/21 2:2 a.m., 11 views

CVE-2006-0810

Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection...

3.5 CVSS, 6.8 AI score, 0.0042 EPSS
Exploits: 1, References: 7

Cvelist
added 2006/02/21 2:0 a.m., 14 views

CVE-2006-0810

Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection...

6.8 AI score, 0.0042 EPSS
Exploits: 1, References: 7

Cvelist
added 2006/02/18 2:0 a.m., 12 views

CVE-2006-0757

Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly...

8 AI score, 0.0788 EPSS
Exploits: 0, References: 7

Prion
added 2006/02/15 11:6 a.m., 14 views

Remote file inclusion

PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter...

7.5 CVSS, 8.1 AI score, 0.10298 EPSS
Exploits: 0, References: 9, Affected Software: 1

exploitpack
added 2006/02/14 12:0 a.m., 16 views

dotProject 2.0 - modulespublicdate_format.php?baseDir Remote File Inclusion

dotProject 2.0 - modulespublicdateformat.php?baseDir Remote File Inclusion source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...

7.5 AI score
Exploits: 0

Check Point Advisories
added 2006/01/24 12:0 a.m., 4 views

Update Protection against phpBB and PHPGedView Remote Execution Vulnerabilities

phpBB is a widely used bulletin board software package. PhpGedView is a genealogy program which allows for genealogy viewing and editing on the Web. Several vulnerabilities reported in phpBB and in PhpGedView could allow an attacker to execute arbitrary PHP code...

7.5 CVSS, 4.5 AI score, 0.1806 EPSS
Exploits: 1

Prion
added 2006/01/19 12:3 a.m., 88 views

Remote file inclusion

PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the filnavn parameter...

7.5 CVSS, 8.2 AI score, 0.04963 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2006/01/15 11:0 a.m., 22 views

CVE-2006-0214

Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the dbid parameter to visitorupload.php, as demonstrated using phpinfo and include function calls...

7.9 AI score, 0.02787 EPSS
Exploits: 0, References: 5

Prion
added 2006/01/13 11:3 p.m., 13 views

Sql injection

Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 20040909 and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php...

7.5 CVSS, 8.3 AI score, 0.10246 EPSS
Exploits: 1, References: 9, Affected Software: 1

Cvelist
added 2006/01/12 11:0 a.m., 17 views

CVE-2006-0183

Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from th...

7.4 AI score, 0.01465 EPSS
Exploits: 0, References: 7

securityvulns
added 2006/01/12 12:0 a.m., 33 views

[SA18432] ACal "ACalAuthenticate" Authentication Bypass Vulnerability

TITLE: ACal "ACalAuthenticate" Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA18432 VERIFY ADVISORY: http://secunia.com/advisories/18432/ CRITICAL: Highly critical IMPACT: Security Bypass, System access WHERE: From remote SOFTWARE: ACal 2.x http://secunia.com/product/3884/ DESCRIPTION...

1 AI score
Exploits: 0

Prion
added 2006/01/11 9:3 p.m., 6 views

Directory traversal

addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory...

7.5 CVSS, 8.1 AI score, 0.01414 EPSS
Exploits: 1, References: 6, Affected Software: 1

Cvelist
added 2006/01/11 9:0 p.m., 9 views

CVE-2006-0169

addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory...

7.6 AI score, 0.01414 EPSS
Exploits: 1, References: 6

Prion
added 2006/01/09 11:3 p.m., 16 views

Code injection

The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function...

7.5 CVSS, 8.1 AI score, 0.01457 EPSS
Exploits: 0, References: 6, Affected Software: 1

NVD
added 2006/01/05 11:3 a.m., 14 views

CVE-2006-0094

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the incstat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

7.5 CVSS, 7.2 AI score, 0.00687 EPSS
Exploits: 0, References: 2

NVD
added 2006/01/04 1:3 a.m., 16 views

CVE-2006-0076

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter...

7.5 CVSS, 7.4 AI score, 0.07826 EPSS
Exploits: 1, References: 6

Exploit DB
added 2005/12/29 12:0 a.m., 28 views

OABoard 1.0 Forum - Remote File Inclusion

source: https://www.securityfocus.com/bid/16105/info The oaBoard application is prone to a remote file-include vulnerability. As a result, remote users may specify external PHP scripts to be included by the application. This could result in the execution of arbitrary PHP code in the context of th...

7.4 AI score
Exploits: 0

Cvelist
added 2005/12/20 11:0 a.m., 17 views

CVE-2005-4424

Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00...

7.2 AI score, 0.01703 EPSS
Exploits: 0, References: 7

CVE
added 2005/12/06 11:0 a.m., 55 views

CVE-2005-4031

MediaWiki 1.5.x is affected by an Eval injection vulnerability before 1.5.3 that allows remote attackers to execute arbitrary PHP code via the user language option, which is used to form a dynamic class name processed by eval. Root cause: improper handling of user-supplied language selection lead...

7.5 CVSS, 7.7 AI score, 0.01655 EPSS
Exploits: 0, References: 5, Affected Software: 1

Debian CVE
added 2005/12/06 11:0 a.m., 26 views

CVE-2005-4031

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...

7.5 CVSS, 7.7 AI score, 0.01655 EPSS
Exploits: 0