Authentication flaw

Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information...

CVE-2008-6445

Technical details about CVE-2008-6445 are not publicly available in the provided documents. The entries repeat generic vulnerability notes with no concrete affected versions, exploit vectors, or remediation steps.

CVE-2008-6445

Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information...

Mandrake Security Advisory MDVSA-2009:052 (php-smarty)

The remote host is missing an update to php-smarty announced via advisory MDVSA-2009:052. OpenVAS Vulnerability Test $Id: mdksa2009052.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:052 php-smarty Authors: Thomas Reinke Copyright: Copyright c 2009...

Mandrake Security Advisory MDVSA-2009:052 (php-smarty)

The remote host is missing an update to php-smarty announced via advisory MDVSA-2009:052. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

CVE-2008-6251

PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter...

CVE-2009-0673

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...

CVE-2009-0673

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...

CVE-2008-6223

PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior WOTW 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php...

Code injection

Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of these details are obtained from third party...

CVE-2008-6206

Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENTROOT parameter to 1 graph.php and 2 robotstats.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...

CVE-2009-0643

CVE-2009-0643 describes a static code injection in Simple PHP News 1.0 final. An attacker can inject arbitrary PHP code into news.txt via the post parameter and then trigger execution by requesting display.php, indicating a combination of unsafeguarded input handling and file-based code execution...

CVE-2009-0643

Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of these details are obtained from third party...

Code injection

Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the 1 title or 2 date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is...

CVE-2008-6138

PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter...

Sql injection

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via the startdate parameter...

CVE-2008-6132

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via the startdate parameter...

CVE-2009-0517

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tzenv.class. NOTE: some of these details are obtained...

Hedgedog CMS 1.21 LFI / Command Execution

!/usr/bin/perl |----------------------------------------------------------------------------------------------------------------------------------| | INFORMATIONS | |----------------------------------------------------------------------------------------------------------------------------------|...

Hedgehog-CMS 1.21 (LFI) Remote Command Execution Exploit

Exploit for unknown platform in category web applications ======================================================== Hedgehog-CMS 1.21 LFI Remote Command Execution Exploit ======================================================== !/usr/bin/perl...