SUSE CVE-2005-0436

Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter...

CVE-2007-6548

Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the 1 header and 2 footer parameters to modules/system/admin.php in a meta-generator action, 3 the disclaimer parameter to modules/system/admin.p...

CVE-2007-2899

The CVE-2007-2899 entry affects NavBoard 2.6.0, with the vulnerability in admin_config.php allowing direct static code injection to data/config.php via multiple parameters (demonstrated via threadperpage in editconfig). Root cause: insecure handling of input leading to PHP code injection. Impact,...

PHPWIND 2.0.1论坛直接写入木马漏洞

在程序运行时，我抓了一个包： GET /phpwind/job.php?previewjob=preview&Dname=./attachment/set.php&tidwt= chr46.chr47.chr101.chr114.chr114.chr111.chr114.chr46.chr112.chr104.chr112,w, chr60.chr63.chr32.chr101.chr118.chr97.chr108.chr40.chr36.chr95.chr80.chr79...

CVE-2006-5432

CVE-2006-5432 affects phpPowerCards 2.10 (db/txt.inc.php). When register_globals is enabled, multiple direct static code injection paths allow remote attackers to create or overwrite arbitrary files via parameters (email[to], email[from], name[to], name[from], picture, comment, sessionID), demons...

CVE-2006-0940

Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php...

PT-2005-2851 · Flatnuke · Flatnuke

Name of the Vulnerable Software and Affected Versions: FlatNuke version 2.5.3 Description: A direct code injection issue allows remote attackers to execute arbitrary PHP code by placing the code into the referer header of an HTTP request. This causes the code to be injected into referer.php, whic...