26 matches found
EUVD-2007-2209
Malware in sbrugna...
EUVD-2006-6862
Malware in sbrugna...
EUVD-2022-2916
Malicious code in bioql PyPI...
GHSA-74QV-RV53-5WCX Yii PHP Framework arbitrary PHP scripts execution
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property...
CVE-2021-20187
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication...
CVE-2017-11154
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter...
CVE-2015-3640
phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the pat...
FreeBSD : yii -- Remote arbitrary PHP code execution (5a35bc56-7027-11e4-a4a3-001999f8d30b)
Yii PHP Framework developers report : We are releasing Yii 1.1.15 to fix a security issue found in 1.1.14. We urge all 1.1.14 users to upgrade their Yii to this latest release. Note that the issue only affects 1.1.14. All previous releases are not affected. Upgrading to this release from 1.1.14 i...
X2Engine 4.1.7 Unrestricted File Upload
-------------------------------------------------------------------------------- X2Engine = 4.1.7 FileUploadsFilter.php Unrestricted File Upload Vulnerability -------------------------------------------------------------------------------- - Software Link: http://www.x2engine.com/ - Affected...
CVE-2014-4672
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property...
Code injection
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property...
CVE-2014-4672
CVE-2014-4672 affects Yii PHP Framework 1.1.14: the CDetailView widget’s value property can be exploited to execute arbitrary PHP scripts on the server. Public documents state the issue arises when user input is used to configure the value attribute, enabling remote code execution. A fix was rele...
CVE-2014-4672
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property...
Gentoo Security Advisory GLSA 200503-04 (phpwebsite)
The remote host is missing updates announced in advisory GLSA 200503-04. OpenVAS Vulnerability Test Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Code injection
Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to execute arbitrary PHP scripts, and delete files, read files, and possibly have unknown other impact...
CVE-2008-1866
The CVE-2008-1866 issue affects Blog Pixel Motion (PixelMotion), where admin/modif_config.php does not require admin authentication. This allows remote authenticated users to upload arbitrary PHP scripts inside a ZIP archive, which is written to templateZip/ and then automatically extracted under...
CVE-2007-1549
CVE-2007-1549 affects phpx 3.5.15 where gallery.php’s addImage action allows unrestricted file upload. An attacker can upload arbitrary PHP scripts, which are placed under gallery/shelties/ and could be executed remotely. The CVE details focus on the unrestricted upload vulnerability and its abil...
Unrestricted file upload
Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php...
CVE-2007-0764
CVE-2007-0764 concerns an unrestricted file upload in F3Site 2.1 and earlier. The vulnerability allows a remote authenticated administrator to upload and execute arbitrary PHP scripts by abusing a GIF86 header in a file passed via the uplf parameter, with the file later retrievable through a re...
CVE-2006-6913
Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors...