EUVD-2005-2016

Malware in sbrugna...

SUSE CVE-2016-6609

An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

GHSA-WPWW-HX7X-XFJH phpMyAdmin PHP code injection

An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

CVE-2016-6609

An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

Updated phpmyadmin packages fix security vulnerability

In phpMyAdmin before 4.4.15.8, the decryption of the username/password is vulnerable to a padding oracle attack. The can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Also, the same initialization vector IV is used to hash the username and...

SimpleBBS 1.0.6/1.0.7/1.1 - Remote Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17501/info SimpleBBS is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to...

Ultimate PHP Board 1.9 admin_iplog.PHP Arbitrary PHP Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7678/info A vulnerability has been reported in Ultimate PHP Board. The problem is said to occur due to insufficient sanitization of user-supplied input before including log data into a PHP file. As a result, it may be...

GLSA-200812-07 : Mantis: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200812-07 Mantis: Multiple vulnerabilities Multiple issues have been reported in Mantis: EgiX reported that manageprojpage.php does not correctly sanitize the sort parameter before passing it to createfunction in core/utilityapi.p...

Mantis: Multiple vulnerabilities

Background Mantis is a PHP/MySQL/Web based bugtracking system. Description Multiple issues have been reported in Mantis: EgiX reported that manageprojpage.php does not correctly sanitize the sort parameter before passing it to createfunction in core/utilityapi.php CVE-2008-4687. Privileges of...

Gentoo Security Advisory GLSA 200507-08 (phpgroupware egroupware)

The remote host is missing updates announced in advisory GLSA 200507-08. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 200507-01 (pear-xml_rpc phpxmlrpc)

The remote host is missing updates announced in advisory GLSA 200507-01. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVE-2002-2249

PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to 1 backend.php, 2 screen.php, or 3 admin/modules/comment.php...

TikiWiki file upload vulnerability (jhot.php)

Added: 09/08/2006 CVE: CVE-2006-4602 BID: 19819 OSVDB: 28456 Background TikiWiki is a multi-purpose web content management system written in PHP. Problem The jhot.php script allows remote attackers to upload arbitrary PHP commands into the img/wiki directory. The commands can then be executed by...

CentOS 3 / 4 : php (CESA-2005:748)

Updated PHP packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR XML-RP...

phpRPC decode function command execution

Added: 03/13/2006 CVE: CVE-2006-1032 BID: 16833 OSVDB: 23514 Background phpRPC is an xmlrpc library written in PHP supporting most databases. Problem A vulnerability in the decode function allows a remote attacker to execute arbitrary PHP commands placed inside a tag. Resolution phpRPC is no long...

phpRPC decode function command execution

Added: 03/13/2006 CVE: CVE-2006-1032 BID: 16833 OSVDB: 23514 Background phpRPC is an xmlrpc library written in PHP supporting most databases. Problem A vulnerability in the decode function allows a remote attacker to execute arbitrary PHP commands placed inside a tag. Resolution phpRPC is no long...

phpRPC decode function command execution

Added: 03/13/2006 CVE: CVE-2006-1032 BID: 16833 OSVDB: 23514 Background phpRPC is an xmlrpc library written in PHP supporting most databases. Problem A vulnerability in the decode function allows a remote attacker to execute arbitrary PHP commands placed inside a tag. Resolution phpRPC is no long...

ATutor 1.x - body_header.inc.php?section Local File Inclusion

ATutor 1.x - bodyheader.inc.php?section Local File Inclusion source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attack...

ATutor 1.x - 'body_header.inc.php?section' Local File Inclusion

source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks. ATutor 1.5.1-pl1 and prior versions are affected...

CVE-2005-2014

The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack...