710 matches found
Debian DLA-408-1 : gosa security update
GOsa is a combination of system-administrator and end-user web interface, designed to handle LDAP based setups. GOsa upstream reported a code injection vulnerability in the Samba plugin code of GOsa. During Samba password changes it has been possible to inject malicious Perl code. This upload to...
Cybozu Garoon Code Injection Vulnerability
Cybozu Garoon is a portal-type office automation (OA) system from Cybozu, Japan. A code injection vulnerability exists in Cybozu Garoon. A remote attacker can exploit this vulnerability to execute arbitrary PHP code...
JVN#66984217: MATCHA INVOICE vulnerable to code injection
MATCHA INVOICE provided by ICZ Corporation is a web-based billing management software. MATCHA INVOICE contains a code injection (CWE-94) vulnerability due to a flaw when configuring the database during installation. Impact: An unauthenticated attacker who can execute the installer may execute...
SO Planning PHP Code Injection Vulnerability
SO Planning is a free and open source set of online project production and management tools. SO Planning suffers from a PHP code injection vulnerability that allows remote attackers to submit a special request, inject malicious code and execute it...
iScripts AutoHoster PHP Code Injection Vulnerability
iScripts AutoHoster suffers from file disclosure, PHP code injection, and remote SQL injection vulnerabilities. iScripts AutoHoster: Multiple vulnerabilities, PHP code injection exploit. Author: i-Hmx, sec4ever.com, 1337s.cc. I. SQL Injection Vuln...
Ruby ftpd Gem 'filename' Parameter Remote Command Execution
Nessus was able to exploit a code injection vulnerability in the Ruby ftpd Gem by providing a specially crafted 'filename' parameter to the LIST command. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(65078); script_version("1.9"); script_cvs_date("Date: 2018/11/15 20:50:22...
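phpwcms 'preg_replace()' Multiple Remote PHP Code Injection Vulnerabilities
BUGTRAQ ID: 56964 phpwcms is an open-source content management system. phpwcms 1.5.4.6 and other versions contain multiple code injection vulnerabilities in their implementation. Authenticated remote attackers can exploit these vulnerabilities using "backend user", "admin user" or "backend user" accounts ("frontend user" accounts cannot exploit them) to execute arbitrary PHP script code on the affected computer. 0 phpwcms = v1.5.4.6 Vendor patch: phpwcms ------- The vendor has not yet provided a patch or upgrade. We recommend that users of this software keep watching the vendor's home page for the latest version: http://www.phpwcms.de/...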
CVE-2011-4825
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted...
Code injection
Unspecified vulnerability in the Highly Interactive Client component in Siebel Product Suite 7.5.3, 7.7.2, 7.8.2, 8.0.0.5, and 8.1.0 allows local users to affect confidentiality and integrity via unknown vectors...
CVE-2008-6651
Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter...
Code injection
IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported reports by "forcefully browsing."...
CVE-2009-0275
Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: the provenance...
Exploits munky-bliki Lfi
No description provided by source. !user/bin/python -- coding: cp1256 -- munky-bliki Lfi AUTHOR : IRCRASH R3d.W0rm Sina Yazdanmehr Discovered by : IRCRASH R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr Script Download :...
Code injection
The perl extension in PHP does not follow safemode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments...
CVE-2007-2647
Static code injection vulnerability in admin/adminconfiguration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadmpass, (2) gadmuser, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassementrep, (7) gcontour, (8) gfond, (9)...
CVE-2006-6255
Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo...
EUVD-2006-5417
Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) emailto, (2) emailfrom, (3) nameto, (4) namefrom, (5) picture, (6) comment, or (7) sessionID parameter, as...
confixx312.txt
// Confixx 3.1.2 XSS - Googledork: inurl:confixx inurl:login|anmeldung + Greetz to: Bluegeek + Visit: www.LoK-Crew.de...
CVE-2006-0940
Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php...
CVE-2005-2612
Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie...