CVE-2004-1423

Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office VLO and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpcrootpath parameter to 1 includes/calendar.ph...

FlatNuke index.php url_avatar Field Arbitrary PHP Code Execution

The remote host is running FlatNuke, a content management system written in PHP and using flat files rather than a database for its storage. The remote version of this software has a form submission vulnerability that may allow an attacker to execute arbitrary PHP commands on the remote host...

CVE-2004-2740

PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the pathpre parameter...

CVE-2004-1421

Multiple PHP remote file inclusion vulnerabilities 1 stepone.php, 2 steponetables.php, 3 steptwotables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the serverinc parameter to reference a URL on a remote web server that contains the cod...

PHProjekt: Remote code execution vulnerability

Background PHProjekt is a modular groupware web application used to coordinate group activities and share files. Description cYon discovered that the authform.inc.php script allows a remote user to define the global variable $pathpre. Impact A remote attacker can exploit this vulnerability to for...

CVE-2004-0490

cPanel, when compiling Apache 1.3.29 and PHP with the modphpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPTFILENAME variable to find and execute a script instead of the PATHTRANSLATED variable, which allows local users to execute arbitrary PHP code...

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a popular, web-based MySQL administration tool written in PHP. It allows users to administer a MySQL database from a web-browser. Description Two serious vulnerabilities exist in phpMyAdmin. The first allows any user to alter the server configuration variables including...

When faking table with specific name, an attacker can make phpMyAdmin to execute arbitrary php code and add custom server configuration.

PMASA-2004-1 Announcement-ID: PMASA-2004-1 Date: 2004-06-29 Summary When faking table with specific name, an attacker can make phpMyAdmin to execute arbitrary php code and add custom server configuration. Description phpMyAdmin used eval function to fill some values and one parameter used there w...

CVE-2004-1820

PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php...

Mambo Open Source 4.5/4.6 - 'mod_mainmenu.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/9445/info It has been reported that Mambo Open Source may be prone to a remote file include vulnerability that may allow an attacker to include malicious external files containing arbitrary PHP code to be executed on a vulnerable system. The issue exists...

CVE-2003-0559

mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAINPATH parameter to reference a URL on a remote web server that contains the code...

CVE-2002-1466

CafeLog b2 Weblog Tool 2.06pre4, with allowfopenurl enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable...

CVE-2002-0451

filemanagerforms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the libpath parameter...

CVE-2002-1707

install.php in phpBB 2.0 through 2.0.1, when "allowurlfopen" and "registerglobals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbbrootdir parameter to reference a URL on a remote web server that contains the code...

CVE-2002-2128

editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. dot dot sequences in the file parameter...

CVE-2002-0206

index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter...

CVE-2001-1471

prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables 1 $lstatsblock in prefs.php or 2 $lprivnotify in auth.php from being properly initialized, which can be modified by the user and later...

phpMyAdmin 2.1.0 + world readable (apache) log files enable remote user to run arbitrary PHP Codes as apache user.

Note : sorry for my pity english. First of all, i want to ask a question, is it normal that if, in a MySQL query -via PHP-, i put "select from $table" . "files where ID=1" and i post table="atable ", MySQL consider the new query as a valid one so the final query will be "select from atable" ? It'...

CVE-2001-1468

PHP remote file inclusion vulnerability in checklogin.php in phpSecurePages 0.24 and earlier allows remote attackers to execute arbitrary PHP code by modifying the cfgProgDir parameter to reference a URL on a remote web server that contains the code...

PHP Code Injection

phpWhois PHP Code Injection\nVulnerability Overview\nphpWhois and some of its forks in versions before 5.1.0 are prone to a\ncode injection vulnerability due to insufficient sanitization of returned\nWHOIS data. This allows attackers controlling the WHOIS information of a\nrequested domain to...