Lucene search

2194 matches found

NVD
added 2006/01/25 11:3 a.m., 13 views

CVE-2006-0418

Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username...

CVSS 7.5, AI score 7.7, EPSS 0.04022
Exploits: 1, References: 2

Exploit DB
added 2006/01/24 12:0 a.m., 49 views

creLoaded 6.15 - 'HTMLAREA' Automated Perl

#!/usr/bin/perl creLoaded. Rather simple exploit, but still an exploit nonetheless. Attempts to upload php script and utilise that to execute commands, and show off a fake shell. Can specify: User-defined PHP script or one provided in this script (suits most occasions); Additional variables to pass to...

AI score 7
Exploits: 0

myhack58
added 2006/01/22 12:0 a.m., 35 views

More compact and more powerful: principle analysis of the Eval version of the ASP Trojan

As Web security has become more widespread, administrators' skill at guarding against WebShells has also increased. The era of simply placing a WebShell directly on a server is slowly receding, so WebShells now pay more and more attention to concealment. WebShell hiding techniques are also developing very fast, from changing the code...

AI score 8.2
Exploits: 0

Prion
added 2006/01/11 9:3 p.m., 12 views

Sql injection

SQL injection vulnerability in MyPhPim 01.05 allows remote attackers to execute arbitrary SQL commands via (1) the calid parameter in calendar.php3 and (2) the password field on the login page...

CVSS 7.5, AI score 9.2, EPSS 0.06235
Exploits: 1, References: 9, Affected Software: 1

Prion
added 2006/01/09 11:3 p.m., 12 views

Format string

Multiple format string vulnerabilities in the authldaplogreason function in Apache authldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username...

CVSS 7.5, AI score 7.9, EPSS 0.10294
Exploits: 0, References: 14, Affected Software: 1

NVD
added 2006/01/09 11:3 p.m., 16 views

CVE-2006-0150

Multiple format string vulnerabilities in the authldaplogreason function in Apache authldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username...

CVSS 7.5, AI score 7.6, EPSS 0.10294
Exploits: 0, References: 14

Prion
added 2006/01/04 1:3 a.m., 23 views

Remote file inclusion

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter...

CVSS 7.5, AI score 7.7, EPSS 0.07826
Exploits: 1, References: 6, Affected Software: 1

CVE
added 2005/12/14 11:0 a.m., 247 views

CVE-2005-4211

PHP remote file inclusion in phpCOIN 1.2.2 affects coin_includes/db.php, allowing an attacker to supply a URL via the _CCFG[_PKG_PATH_DBSE] parameter to execute arbitrary PHP code. This is a code-execution exposure in the web application, with no exploitation details provided beyond the parameter...

CVSS 7.5, AI score 7.5, EPSS 0.07349
Exploits: 1, References: 8, Affected Software: 1

UbuntuCve
added 2005/12/11 2:3 a.m., 27 views

CVE-2005-4158

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included...

CVSS 4.6, AI score 7.2, EPSS 0.00826
Exploits: 1, References: 3

Cvelist
added 2005/12/05 12:0 a.m., 18 views

CVE-2005-3995

Format string vulnerability in the dosyslog function in the OBEX server obexsrv.c for Sobexsrv before 1.0.0-pre4, when the syslog -S function is enabled, allows remote attackers to execute arbitrary code via format string specifiers in file name arguments to OBEX commands...

AI score 7.7, EPSS 0.09902
Exploits: 1, References: 4

NVD
added 2005/11/29 9:3 p.m., 17 views

CVE-2005-3895

Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary w...

CVSS 5.8, AI score 6.2, EPSS 0.0127
Exploits: 0, References: 14

UbuntuCve
added 2005/11/17 11:2 a.m., 23 views

CVE-2005-3648

Multiple SQL injection vulnerabilities in the getrecord function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php...

CVSS 7.5, AI score 6.2, EPSS 0.01452
Exploits: 1, References: 1

Tenable Nessus
added 2005/11/17 12:0 a.m., 63 views

Mambo Open Source / Joomla! GLOBALS Variable Remote File Include

The version of Mambo Open Source or Joomla! running on the remote host is affected by a remote file include vulnerability due to allowing the GLOBALS variable array to be overwritten whenever the PHP 'register_globals' setting is disabled. An unauthenticated, remote attacker can exploit this...

CVSS 2.6, AI score 5.9, EPSS 0.05487
Exploits: 1, References: 4

Cvelist
added 2005/11/16 7:37 a.m., 18 views

CVE-2003-1236

Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allow remote attackers to execute arbitrary code via format string specifiers in syslog...

AI score 7.8, EPSS 0.27561
Exploits: 1, References: 8

FreeBSD
added 2005/11/10 12:0 a.m., 15 views

phpSysInfo -- "register_globals" emulation layer overwrite vulnerability

A Secunia Advisory reports: Christopher Kunz has reported a vulnerability in phpSysInfo, which can be exploited by malicious people to manipulate certain information. The vulnerability is caused due to an error in the "register_globals" emulation layer where certain arrays used by the system can b...

AI score 0.5
Exploits: 0, References: 2

OpenVAS
added 2005/11/03 12:0 a.m., 31 views

Microsoft RPC Interface Buffer Overrun (823980)

The remote host is running a version of Windows which has a flaw in its RPC interface which may allow an attacker to execute arbitrary code and gain SYSTEM privileges. There is at least one Worm which is currently exploiting this vulnerability. Namely, the MsBlaster worm. SPDX-FileCopyrightText:...

CVSS 7.5, AI score 7.1, EPSS 0.91142
Exploits: 9, References: 7

OpenVAS
added 2005/11/03 12:0 a.m., 14 views

vBulletin 'last10.php' SQLi Vulnerability - Active Check

The installed version of last10.php may allow an attacker to cause an SQL injection (SQLi) vulnerability allowing an attacker to cause the program to execute arbitrary SQL statements. SPDX-FileCopyrightText: 2004 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and...

AI score 8.3
Exploits: 0, References: 1

OpenVAS
added 2005/11/03 12:0 a.m., 9 views

CVSTrac cgi.c multiple overflows

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains multiple flaws in the mprintf, vmprintf, and vxprintf functions in cgi.c. A remote attacker, exploiting this flaw, would be able to execute arbitrary code on the remote syste...

AI score 0.7
Exploits: 0, References: 2

OpenVAS
added 2005/11/03 12:0 a.m., 21 views

PHP-Fusion homepage address XSS

A vulnerability exists in the remote version of PHP-Fusion that may allow an attacker to execute arbitrary HTML and script code in the context of the user. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the...

AI score 7.8
Exploits: 0

OpenVAS
added 2005/11/03 12:0 a.m., 16 views

HTTP header overflow

It was possible to kill the web server by sending an invalid request with a too long header name or value. A cracker may exploit this vulnerability to make your web server crash continually or even execute arbitrary code on your system. OpenVAS Vulnerability Test $Id: wwwtoolongheader.nasl 8023...

CVSS 5, EPSS 0.00202
Exploits: 0