ZeroBoard - Worm Source Code

ZeroBoard - Worm Source Code / The worm exploits a vulnerability in ZeroBoard, allowing an attacker to inject arbitrary PHP code. /str0ke / / ZeroBoard -1day INE w0rm / include include include include include include include include include ifdef sun include endif / SunOS / define DEBUGING undef...

CVE-2005-0327

pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php...

CVE-2005-1222

catforgen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the addirect parameter to reference catforgen.php, then including the code in the mforracine parameter, which is then written to catforgen.php...

CVE-2005-0272

ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions...

CVE-2005-0565

The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension...

CVE-2005-1003

Directory traversal vulnerability in index.php for ProfitCode PayProCart 3.0 allows remote attackers to include arbitrary PHP files via .. dot dot sequences in the modID parameter...

GLSA-200503-35 : Smarty: Template vulnerability

The remote host is affected by the vulnerability described in GLSA-200503-35 Smarty: Template vulnerability A vulnerability has been discovered within the regexreplace modifier of the Smarty templates when allowing access to untrusted users. Furthermore, it was possible to call functions from if...

CVE-2005-0909

PHP remote file inclusion vulnerability in shoutact.php for TKai's Shoutbox allows remote attackers to execute arbitrary PHP code via the query parameter...

CVE-2005-0887

Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in 1 functions.inc.php or 2 main.php, which causes code to be injected into an eval statement...

Double Choco Latte 0.9.30.9.4 - main.php Arbitrary PHP Code Execution

Double Choco Latte 0.9.30.9.4 - main.php Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/12894/info Double Choco Latte is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry...

Double Choco Latte 0.9.3/0.9.4 - 'main.php' Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/12894/info Double Choco Latte is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting/HTML injection attacks and execute arbitrary...

CVE-2005-0800

PHP remote file inclusion vulnerability in install.php in mcNews 1.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the l parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2005-0720...

CVE-2005-0698

PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the 1 GPATH parameter to init.inc.php or the 2 PATH parameter to index.php to reference a URL on a remote web server that contains the code...

CVE-2005-0647

The CVE-2005-0647 entry concerns paNews 2.0.4b. Vulnerability: in admin_setup.php, remote attackers can inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. This is a local script injection affecting paNews’s configuration fi...

GLSA-200503-04 : phpWebSite: Arbitrary PHP execution and path disclosure

The remote host is affected by the vulnerability described in GLSA-200503-04 phpWebSite: Arbitrary PHP execution and path disclosure NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable ...

PHPNews auth.php path Parameter Remote File Inclusion

The remote host is running PHPNews, an open source news application written in PHP. The installed version of PHPNews has a remote file include vulnerability in the script 'auth.php'. By leveraging this flaw, a attacker can cause arbitrary PHP code to be executed on the remote host using the...

CVE-2005-0632

PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 and possibly 1.2.3, allows remote attackers to execute arbitrary PHP code via the path parameter...

phpWebSite: Arbitrary PHP execution and path disclosure

Background phpWebSite provides a complete web site content management system. Description NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable to a path disclosure. Impact A remote...

CVE-2004-1734

PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the 1 tcorepath parameter to bugapi.php or 2 tcoredir parameter to relationshipapi.php to reference a URL on a remote web server that contains the code...

CVE-2005-0511

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter...