
1622 matches found

OpenVAS
added 2010/08/31 12:00 a.m., 18 views

MyBackup 1.4.0 Multiple Security Vulnerabilities

MyBackup is prone to multiple security vulnerabilities. These vulnerabilities include a directory-traversal vulnerability and an arbitrary PHP code execution vulnerability. An attacker can exploit these vulnerabilities to execute arbitrary PHP code in the context of the affected site or obtain...

6.5 CVSS, 0.5 AI score, 0.01696 EPSS
Exploits 0
Tenable Nessus
added 2010/08/27 12:00 a.m., 51 views

phpMyAdmin setup.php Arbitrary PHP Code Execution (PMASA-2010-4)

The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input before using it to generate a config file for the application. Submitting a specially crafted POST request can result in arbitrary PHP code injection. A remote...

7.5 CVSS, 5.9 AI score, 0.01727 EPSS
Exploits 1, References 3
phpMyAdmin
added 2010/08/20 12:00 a.m., 39 views

Insufficient output sanitizing when generating configuration file.

PMASA-2010-4. Announcement-ID: PMASA-2010-4. Date: 2010-08-20. Summary: Insufficient output sanitizing when generating configuration file. Description: The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration...

7.5 CVSS, 6.2 AI score, 0.01727 EPSS
Exploits 1, Affected Software 1
NVD
added 2010/07/30 8:30 p.m., 15 views

CVE-2010-2918

PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter...

7.5 CVSS, 7.5 AI score, 0.01604 EPSS
Exploits 1, References 5
Exploit DB
added 2010/07/25 12:00 a.m., 187 views

TikiWiki jhot - Remote Command Execution (Metasploit)

$Id: tikiwiki_jhot_exec.rb 9929 2010-07-25 21:37:54Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.5 CVSS, 7 AI score, 0.83363 EPSS
Exploits 8
NVD
added 2010/07/12 1:27 p.m., 9 views

CVE-2009-4928

PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the incdir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055...

7.5 CVSS, 7.3 AI score, 0.00498 EPSS
Exploits 1, References 2
Prion
added 2010/07/12 1:27 p.m., 10 views

Remote file inclusion

PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php...

7.5 CVSS, 8 AI score, 0.00258 EPSS
Exploits 2, References 3
NVD
added 2010/07/08 10:30 p.m., 7 views

CVE-2010-2677

PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party...

5.1 CVSS, 7.6 AI score, 0.03911 EPSS
Exploits 1, References 7
CVE
added 2010/07/08 10:00 p.m., 46 views

CVE-2010-2677

Open Web Analytics (OWA) 1.2.3 is affected by a PHP remote file inclusion due to mw_plugin.php, where enabling register_globals and disabling magic_quotes_gpc allows an attacker to execute arbitrary PHP code via a URL in the IP parameter. The root cause is improper handling of user input in the R...

5.1 CVSS, 7.8 AI score, 0.03911 EPSS
Exploits 1, References 7, Affected Software 1
Cvelist
added 2010/06/18 9:00 p.m., 10 views

CVE-2010-2341

PHP remote file inclusion vulnerability in system/application/views/public/commentform.php in EZPX Photoblog 1.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the tplbasedir parameter...

7.5 AI score, 0.01917 EPSS
Exploits 1, References 5
Prion
added 2010/06/11 2:30 p.m., 8 views

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in CMS S.Builder 3.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in a binnincludepath cookie. NOTE: this can also be leveraged to include and execute arbitrary local files...

6.8 CVSS, 7.8 AI score, 0.00525 EPSS
Exploits 1, References 3, Affected Software 1
OpenVAS
added 2010/06/09 12:00 a.m., 20 views

Snipe Gallery 'cfg_admin_path' Multiple Remote File Include Vulnerabilities

The host is running Snipe Gallery and is prone to multiple remote file include vulnerabilities. OpenVAS Vulnerability Test $Id: gbsnipegalleryremotefileincludevuln.nasl 5373 2017-02-20 16:27:48Z teissa $ Snipe Gallery 'cfg_admin_path' Multiple Remote File Include Vulnerabilities Authors: Sooraj KS...

7.5 CVSS, 0.4 AI score, 0.01416 EPSS
Exploits 1, References 3
Exploit DB
added 2010/06/06 12:00 a.m., 24 views

DDLCMS 2.1 - 'skin' Remote File Inclusion

DDLCMS v2.1 skin Remote File Inclusion Vulnerability...

7.4 AI score
Exploits 0
Tenable Nessus
added 2010/06/03 12:00 a.m., 34 views

GLSA-201006-13 : Smarty: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201006-13 (Smarty: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Smarty: The vendor reported that the modifier.regex_replace.php plug-in contains an input sanitation flaw related to the ASCII NUL characte...

10 CVSS, 6 AI score, 0.25846 EPSS
Exploits 1, References 5
Prion
added 2010/05/27 10:30 p.m., 16 views

Design/Logic Flaw

bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method...

7.5 CVSS, 8 AI score, 0.00838 EPSS
Exploits 2, References 2, Affected Software 1
Tenable Nessus
added 2010/05/24 12:00 a.m., 27 views

Open-AudIT include_lang.php language Parameter Traversal Local File Inclusion

The web server hosts Open-AudIT, an open source network auditing application written in PHP. At least one install of Open-AudIT on the remote host fails to sanitize user-supplied input to the 'language' parameter before using it in 'include_lang.php' to include PHP code. Regardless of PHP's...

6.3 AI score
Exploits 0, References 1
Cvelist
added 2010/05/21 8:00 p.m., 13 views

CVE-2010-1546

Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the...

7.6 AI score, 0.01196 EPSS
Exploits 0, References 10
Packet Storm
added 2010/05/10 12:00 a.m., 29 views

Moodle 1.9.8 Remote File Inclusion

+Title: Moodle 1.9.8+ "libdir" , "dirroot" RFI Vulnerability Exploit +TesTed On: Version 1.9.8+ and Prior +Download: http://download.moodle.org/stable19/ +Discovered by: eidelweiss +Contact: eidelweissatcyberservicesdotcom !Thanks To: exploit-db team , JosS hack0wn , sp3x securityreason , r0073r ...

0.1 AI score
Exploits 0
Packet Storm
added 2010/05/08 12:00 a.m., 27 views

OpenX banner-edit.php File Upload PHP Code Execution

$Id: openx_banner_edit.rb 9247 2010-05-08 03:07:51Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

6 CVSS, 6.7 AI score, 0.50581 EPSS
Exploits 3
NVD
added 2010/05/06 12:47 p.m., 8 views

CVE-2009-4836

Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter...

7.5 CVSS, 7.8 AI score, 0.01539 EPSS
Exploits 1, References 4