CVE-2008-4810

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and 1 a dollar-sign character, aka "php executed in templates;" and 2 a double quoted literal string, aka a "function...

CVE-2008-4704

PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in panel/common/theme/default/headersetup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the 1 pathdocroot and 2 component parameters...

Code injection

plugins/eventtracer/eventlist.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by createfunction...

Code injection

plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 aka Strawberry allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression...

CVE-2008-4529

Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the ENVasicmspath parameter to 1 Association.php, 2 BigMath.php, 3 DiffieHellman.php, 4 DumbStore.php, 5 Extension.php, 6 FileStore.php, 7 HMAC.php, 8...

Gentoo Security Advisory GLSA 200503-35 (smarty)

The remote host is missing updates announced in advisory GLSA 200503-35. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200407-22 (dev-db/phpmyadmin)

The remote host is missing updates announced in advisory GLSA 200407-22. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200412-27 (PHProjekt)

The remote host is missing updates announced in advisory GLSA 200412-27. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200805-04 (egroupware)

The remote host is missing updates announced in advisory GLSA 200805-04. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Moodle 'lib/kses.php' 'kses_bad_protocol_once' Function Arbitrary PHP Code Execution

The version of Moodle on the remote host includes a version of the KSES HTML filtering library that does not safely call 'pregreplace' in the function 'ksesbadprotocolonce' in 'lib/kses.php'. An unauthenticated, remote attacker can leverage this issue to inject arbitrary PHP code that will be...

CVE-2008-3769

PHP remote file inclusion vulnerability in admin/createordernew.php in Freeway 1.4.1.171, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includepage parameter...

Sql injection

Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php...

CVE-2008-3764

Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to 1 flatread.php, 2 post.php, 3 processpost.php, 4 processsearch.php, 5 forum.php, 6 processsubscribe.php, 7 read.php, 8...

CVE-2008-3575

PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSgsLanguage parameter, a different vector than CVE-2006-4477 and CVE-2004-0132...

Pligg settemplate.php template Parameter Local File Inclusion

The remote host is running Pligg, an open source content management system. The installed version of Pligg fails to sanitize the 'template' cookie before using it in 'config.php' to include PHP code. An unauthenticated, remote attacker can exploit this issue to view arbitrary files or even execut...

Remote file inclusion

PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter...

Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection

Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection GulfTech Security Research July 30, 2008 Vendor : Pligg LLC URL : http://www.pligg.com/ Version : Pligg alertdocument.cookie; The above example link would display the end users cookie to them. Of course this can also be use...