1622 matches found
CVE-2009-4223
PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENTROOT parameter...
Code injection
Static code injection vulnerability in the Categories module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the Category Access field...
CVE-2009-4115
Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the (1) category and (2) Icon URL fields; or (3) inject arbitrary PHP...
Code injection
Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the (1) category and (2) Icon URL fields; or (3) inject arbitrary PHP...
Remote file inclusion
PHP remote file inclusion vulnerability in assets/plugins/mp3id/mp3id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSBASE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2009-4094
PHP remote file inclusion vulnerability in class/php/d4majaxpagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter...
WordPress Multiple Vulnerabilities (Nov 2009)
WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...
Jumi Component for Joomla! <= 2.0.5 Backdoor Detection
The version of Joomla! running on the remote host is affected by a backdoor that is part of a trojan installation of Jumi, a third-party component used for including custom code into Joomla!. An unauthenticated, remote attacker can exploit this backdoor, by using specially crafted input to the...
New Wordpress Update Thwarts Malware
The WordPress developers have released security update 2.8.6 to fix two vulnerabilities. WordPress users are advised to install the update as soon as possible if untrusted authors can add content and upload images. At least one of the bugs allows attackers to inject and execute arbitrary PHP code...
WordPress 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
No description provided by source. Release date: November 11th, 2009. Discovered by: Dawid Golunski. Severity: Moderately High. I. VULNERABILITY: WordPress = 2.8.5 Unrestricted...
osCommerce file_manager.php Arbitrary PHP Code Injection
The version of osCommerce hosted on the remote web server allows a remote attacker to access the Admin filemanager utility without authentication. Further, this utility appears to allow arbitrary PHP code to be stored in files under the web server's document directory and then executed subject to...
osCommerce file_manager.php Arbitrary PHP Code Injection (intrusive check)
The version of osCommerce hosted on the remote web server allows a remote attacker to access the Admin filemanager utility without authentication. Further, this utility appears to allow arbitrary PHP code to be stored in files under the web server's document directory and then executed subject to...
Code injection
Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...
CVE-2009-3760
CVE-2009-3760 affects the Citrix XenCenterWeb XenServer Resource Kit sample code: a vulnerability in config/writeconfig.php where the pool1 parameter enables static code injection into include/config.ini.php, allowing remote attackers to inject arbitrary PHP code. Root cause is improper handling ...
CVE-2009-3705
PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the configatkroot parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: this is only a vulnerability when the administrator does not follow...
CVE-2009-3324
PHP remote file inclusion vulnerability in include/prodler.class.php in ProdLer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sPath parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in include/prodler.class.php in ProdLer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sPath parameter...
CVE-2009-3220
PHP remote file inclusion vulnerability in cphtml2txt.php in All In One Control Panel AIOCP 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...
CVE-2009-3174
PHP remote file inclusion vulnerability in fonctionsracine.php in OBOphiX 2.7.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cheminlib parameter...