CVE-2005-1876

The CVE-2005-1876 entry describes a direct code injection vulnerability in CuteNews 1.3.6 and earlier . The issue allows remote attackers with administrative privileges to execute arbitrary PHP code by inputs injected into a template file (.tpl), effectively compromising the server’s PHP executio...

FlatNuke 2.5.x - 'index.php?where' Full Path Disclosure

source: https://www.securityfocus.com/bid/13882/info Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating Web content...

CVE-2003-1178

Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the 1 id, 2 templateset, or 3 action parameter...

ZeroBoard - Worm Source Code

ZeroBoard - Worm Source Code / The worm exploits a vulnerability in ZeroBoard, allowing an attacker to inject arbitrary PHP code. /str0ke / / ZeroBoard -1day INE w0rm / include include include include include include include include include ifdef sun include endif / SunOS / define DEBUGING undef...

CVE-2005-1222

catforgen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the addirect parameter to reference catforgen.php, then including the code in the mforracine parameter, which is then written to catforgen.php...

CVE-2005-0327

pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php...

CVE-2005-0565

The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension...

GLSA-200503-35 : Smarty: Template vulnerability

The remote host is affected by the vulnerability described in GLSA-200503-35 Smarty: Template vulnerability A vulnerability has been discovered within the regexreplace modifier of the Smarty templates when allowing access to untrusted users. Furthermore, it was possible to call functions from if...

CVE-2005-0909

PHP remote file inclusion vulnerability in shoutact.php for TKai's Shoutbox allows remote attackers to execute arbitrary PHP code via the query parameter...

CVE-2005-0887

Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in 1 functions.inc.php or 2 main.php, which causes code to be injected into an eval statement...

Double Choco Latte 0.9.30.9.4 - main.php Arbitrary PHP Code Execution

Double Choco Latte 0.9.30.9.4 - main.php Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/12894/info Double Choco Latte is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry...

Double Choco Latte 0.9.3/0.9.4 - 'main.php' Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/12894/info Double Choco Latte is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting/HTML injection attacks and execute arbitrary...

CVE-2005-0800

PHP remote file inclusion vulnerability in install.php in mcNews 1.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the l parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2005-0720...

CVE-2005-0698

PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the 1 GPATH parameter to init.inc.php or the 2 PATH parameter to index.php to reference a URL on a remote web server that contains the code...

CVE-2005-0647

The CVE-2005-0647 entry concerns paNews 2.0.4b. Vulnerability: in admin_setup.php, remote attackers can inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. This is a local script injection affecting paNews’s configuration fi...

PHPNews auth.php path Parameter Remote File Inclusion

The remote host is running PHPNews, an open source news application written in PHP. The installed version of PHPNews has a remote file include vulnerability in the script 'auth.php'. By leveraging this flaw, a attacker can cause arbitrary PHP code to be executed on the remote host using the...

CVE-2005-0632

PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 and possibly 1.2.3, allows remote attackers to execute arbitrary PHP code via the path parameter...

CVE-2004-1734

PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the 1 tcorepath parameter to bugapi.php or 2 tcoredir parameter to relationshipapi.php to reference a URL on a remote web server that contains the code...

CVE-2005-0511

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter...

CVE-2005-0511

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter...