1622 matches found

Tenable Nessus
added 2005/08/08 12:00 a.m. | 26 views

FlatNuke < 2.5.6 Multiple Remote Vulnerabilities

The remote host is running FlatNuke, a content management system written in PHP that uses flat files rather than a database for its storage. The version of FlatNuke installed on the remote host suffers from several flaws: - Arbitrary PHP Code Execution Vulnerability The application fails to remov...

CVSS 5 | AI score 6.1 | EPSS 0.07205
Exploits: 4 | References: 5

exploitpack
added 2005/07/25 12:00 a.m. | 16 views

Atomic Photo Album 0.x1.0 - Apa_PHPInclude.INC.php Remote File Inclusion

Atomic Photo Album 0.x1.0 - Apa_PHPInclude.INC.php Remote File Inclusion. source: https://www.securityfocus.com/bid/14368/info Atomic Photo Album is susceptible to a remote PHP file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An...

AI score 0.3
Exploits: 0

Cvelist
added 2005/07/20 4:00 a.m. | 15 views

CVE-2005-2328

PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 and 0.3.2.7 allows remote attackers to execute arbitrary PHP code via the CFGPATH variable...

AI score 7.6 | EPSS 0.00741
Exploits: 1 | References: 3

Tenable Nessus
added 2005/07/20 12:00 a.m. | 58 views

SUSE-SA:2005:041: php/pear XML::RPC

The remote host is missing the patch for the advisory SUSE-SA:2005:041 php/pear XML::RPC. A bug in the PEAR::XMLRPC library allowed remote attackers to pass arbitrary PHP code to the eval function. The updated php packages fix the XML::RPC bug, however several third party PHP packages include a...

CVSS 7.5 | AI score 5.7 | EPSS 0.86153
Exploits: 5

NVD
added 2005/07/11 4:00 a.m. | 11 views

CVE-2005-2179

PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter...

CVSS 5 | AI score 7.6 | EPSS 0.0038
Exploits: 0 | References: 3

Tenable Nessus
added 2005/07/11 12:00 a.m. | 1028 views

PPA functions.inc.php config[ppa_root_path] Parameter Remote File Inclusion

The remote host is running PPA, a free, PHP-based photo gallery. The installed version of PPA allows remote attackers to control the 'config[ppa_root_path]' variable used when including PHP code in the 'inc/functions.inc.php' script. By leveraging this flaw, an attacker may be able to view arbitrary...

CVSS 7.5 | AI score 6 | EPSS 0.02887
Exploits: 1 | References: 2

Cvelist
added 2005/07/10 4:00 a.m. | 20 views

CVE-2005-2179

PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter...

AI score 7.6 | EPSS 0.0038
Exploits: 0 | References: 3

Gentoo Linux
added 2005/07/10 12:00 a.m. | 51 views

phpGroupWare, eGroupWare: PHP script injection vulnerability

Background: phpGroupWare and eGroupWare are web based collaboration software suites. Description: The XML-RPC implementations of phpGroupWare and eGroupWare fail to sanitize input sent to the XML-RPC server using the "POST" method. Impact: A remote attacker could exploit the XML-RPC vulnerability to...

CVSS 7.5 | AI score 7.3 | EPSS 0.86153
Exploits: 5

UbuntuCve
added 2005/07/05 4:00 a.m. | 48 views

CVE-2005-1921

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows...

CVSS 7.5 | AI score 6.2 | EPSS 0.86153
Exploits: 5 | References: 2

NVD
added 2005/07/05 4:00 a.m. | 19 views

CVE-2005-2106

Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting...

CVSS 5 | AI score 7.3 | EPSS 0.05241
Exploits: 0 | References: 5

Cvelist
added 2005/07/05 4:00 a.m. | 13 views

CVE-2005-2139

PHP remote file inclusion vulnerability in usercheck.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter...

AI score 7.6 | EPSS 0.00463
Exploits: 1 | References: 4

CVE
added 2005/07/01 4:00 a.m. | 69 views

CVE-2005-2106

Drupal 4.5.0–4.6.1 contains a vulnerability that allows remote attackers to execute arbitrary PHP code via public comments or postings. Debian’s DSA-745-1 fixes this in 4.5.3-3; upgrade recommended to remediate.

CVSS 5 | AI score 7.3 | EPSS 0.05241
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2005/06/30 4:00 a.m. | 21 views

CVE-2005-2086

PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code...

AI score 7.1 | EPSS 0.86512
Exploits: 9 | References: 2

securityvulns
added 2005/06/30 12:00 a.m. | 25 views

[Full-disclosure] [DRUPAL-SA-2005-002] Drupal 4.6.2 / 4.5.4 fixes input validation issue

Drupal security advisory DRUPAL-SA-2005-002. Advisory ID: DRUPAL-SA-2005-002. Date: 2005-jun-29. Security risk: highly critical. Impact: system...

AI score 0.1
Exploits: 0

securityvulns
added 2005/06/22 12:00 a.m. | 40 views

[Full-disclosure] iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti config_settings.php Remote Code Execution Vulnerability

Multiple Vendor Cacti config_settings.php Remote Code Execution Vulnerability. iDEFENSE Security Advisory 06.22.05 www.idefense.com/application/poi/display?id=266&type=vulnerabilities June 22, 2005. I. BACKGROUND: Cacti is a round-robin database (RRD) tool that helps create graphs from database...

CVSS 7.5 | AI score 0.4 | EPSS 0.0868
Exploits: 0

NVD
added 2005/06/09 4:00 a.m. | 11 views

CVE-2005-1868

I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension...

CVSS 7.5 | AI score 7.7 | EPSS 0.01402
Exploits: 0 | References: 3

NVD
added 2005/06/09 4:00 a.m. | 13 views

CVE-2005-1876

Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template .tpl file...

CVSS 4.5 | AI score 7.8 | EPSS 0.00773
Exploits: 0 | References: 3

CVE
added 2005/06/07 4:00 a.m. | 53 views

CVE-2005-1876

The CVE-2005-1876 entry describes a direct code injection vulnerability in CuteNews 1.3.6 and earlier. The issue allows remote attackers with administrative privileges to execute arbitrary PHP code by inputs injected into a template file (.tpl), effectively compromising the server’s PHP executio...

CVSS 4.5 | AI score 8.2 | EPSS 0.00773
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2005/06/07 4:00 a.m. | 18 views

CVE-2005-1876

Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template .tpl file...

AI score 7.8 | EPSS 0.00773
Exploits: 0 | References: 3

Exploit DB
added 2005/06/07 12:00 a.m. | 24 views

FlatNuke 2.5.x - 'index.php?where' Full Path Disclosure

source: https://www.securityfocus.com/bid/13882/info Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating Web content...

AI score 7.4
Exploits: 0