
1978 matches found

NVD
added 2005/07/11 4:00 a.m., 19 views

CVE-2005-2179

PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter...

CVSS 5, AI score 7.6, EPSS 0.02057
Exploits 0, References 3

Tenable Nessus
added 2005/07/11 12:00 a.m., 53 views

GLSA-200507-08 : phpGroupWare, eGroupWare: PHP script injection vulnerability

The remote host is affected by the vulnerability described in GLSA-200507-08 (phpGroupWare, eGroupWare: PHP script injection vulnerability). The XML-RPC implementations of phpGroupWare and eGroupWare fail to sanitize input sent to the XML-RPC server using the 'POST' method. Impact: A remote attacke...

CVSS 7.5, AI score 6.1, EPSS 0.79071
Exploits 5, References 2

Tenable Nessus
added 2005/07/11 12:00 a.m., 1028 views

PPA functions.inc.php config[ppa_root_path] Parameter Remote File Inclusion

The remote host is running PPA, a free, PHP-based photo gallery. The installed version of PPA allows remote attackers to control the 'config[ppa_root_path]' variable used when including PHP code in the 'inc/functions.inc.php' script. By leveraging this flaw, an attacker may be able to view arbitrary...

CVSS 7.5, AI score 6, EPSS 0.10074
Exploits 1, References 2

Cvelist
added 2005/07/10 4:00 a.m., 27 views

CVE-2005-2179

PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter...

AI score 7.6, EPSS 0.02057
Exploits 0, References 3

Gentoo Linux
added 2005/07/10 12:00 a.m., 58 views

phpGroupWare, eGroupWare: PHP script injection vulnerability

Background: phpGroupWare and eGroupWare are web based collaboration software suites. Description: The XML-RPC implementations of phpGroupWare and eGroupWare fail to sanitize input sent to the XML-RPC server using the "POST" method. Impact: A remote attacker could exploit the XML-RPC vulnerability to...

CVSS 7.5, AI score 7.3, EPSS 0.79071
Exploits 5

UbuntuCve
added 2005/07/05 4:00 a.m., 50 views

CVE-2005-1921

Eval injection vulnerability in PEAR XMLRPC 1.3.0 and earlier aka XML-RPC or xmlrpc and PHPXMLRPC aka XML-RPC For PHP or php-xmlrpc 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows...

CVSS 7.5, AI score 6.2, EPSS 0.79071
Exploits 5, References 2

Cvelist
added 2005/07/05 4:00 a.m., 18 views

CVE-2005-2139

PHP remote file inclusion vulnerability in usercheck.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter...

AI score 7.6, EPSS 0.01399
Exploits 1, References 4

NVD
added 2005/07/05 4:00 a.m., 25 views

CVE-2005-2106

Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting...

CVSS 5, AI score 7.3, EPSS 0.03203
Exploits 0, References 5

CVE
added 2005/07/01 4:00 a.m., 74 views

CVE-2005-2106

Drupal 4.5.0–4.6.1 contains a vulnerability that allows remote attackers to execute arbitrary PHP code via public comments or postings. Debian’s DSA-745-1 fixes this in 4.5.3-3; upgrade recommended to remediate.

CVSS 5, AI score 7.3, EPSS 0.03203
Exploits 0, References 5, Affected Software 1

Cvelist
added 2005/06/30 4:00 a.m., 39 views

CVE-2005-2086

PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code...

AI score 7.1, EPSS 0.85366
Exploits 9, References 2

securityvulns
added 2005/06/30 12:00 a.m., 28 views

[Full-disclosure] [DRUPAL-SA-2005-002] Drupal 4.6.2 / 4.5.4 fixes input validation issue

Drupal security advisory DRUPAL-SA-2005-002
Advisory ID: DRUPAL-SA-2005-002
Date: 2005-jun-29
Security risk: highly critical
Impact: system...

AI score 0.1
Exploits 0

Cvelist
added 2005/06/28 4:00 a.m., 11 views

CVE-2002-1841

The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4...

AI score 7.5, EPSS 0.02157
Exploits 0, References 5

securityvulns
added 2005/06/22 12:00 a.m., 45 views

[Full-disclosure] iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti config_settings.php Remote Code Execution Vulnerability

Multiple Vendor Cacti config_settings.php Remote Code Execution Vulnerability
iDEFENSE Security Advisory 06.22.05
www.idefense.com/application/poi/display?id=266&type=vulnerabilities
June 22, 2005
I. BACKGROUND
Cacti is a round-robin database (RRD) tool that helps create graphs from database...

CVSS 7.5, AI score 0.4, EPSS 0.16552
Exploits 0

Cvelist
added 2005/06/20 4:00 a.m., 23 views

CVE-2005-2014

The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack...

AI score 7.3, EPSS 0.00653
Exploits 0, References 2

NVD
added 2005/06/09 4:00 a.m., 20 views

CVE-2005-1876

Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template .tpl file...

CVSS 4.5, AI score 7.8, EPSS 0.0058
Exploits 0, References 3

NVD
added 2005/06/09 4:00 a.m., 21 views

CVE-2005-1868

I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension...

CVSS 7.5, AI score 7.7, EPSS 0.01939
Exploits 0, References 3

Cvelist
added 2005/06/07 4:00 a.m., 23 views

CVE-2005-1876

Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template .tpl file...

AI score 7.8, EPSS 0.0058
Exploits 0, References 3

CVE
added 2005/06/07 4:00 a.m., 57 views

CVE-2005-1876

The CVE-2005-1876 entry describes a direct code injection vulnerability in CuteNews 1.3.6 and earlier. The issue allows remote attackers with administrative privileges to execute arbitrary PHP code by inputs injected into a template file (.tpl), effectively compromising the server’s PHP executio...

CVSS 4.5, AI score 8.2, EPSS 0.0058
Exploits 0, References 3, Affected Software 1

Exploit DB
added 2005/06/07 12:00 a.m., 24 views

FlatNuke 2.5.x - 'index.php?where' Full Path Disclosure

source: https://www.securityfocus.com/bid/13882/info
Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating Web content...

AI score 7.4
Exploits 0

Cvelist
added 2005/05/10 4:00 a.m., 27 views

CVE-2003-1178

Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) templateset, or (3) action parameter...

AI score 7.8, EPSS 0.02032
Exploits 1, References 8