EUVD-2006-2729

Malware in sbrugna...

php -- multiple vulnerabilities

The PHP development team reports: Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7: Fixed CVE-2007-1001, GD wbmp used with invalid image size Fixed asciiz byte truncation inside mail Fixed a bug in mbparsestr that can be used to activate registerglobals Fixed unallocated memory...

CVE-2006-6957

PHP remote file inclusion vulnerability in addons/modmedia/body.php in Docebo 3.0.3 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSwhereframework parameter. NOTE: this issue might be resultant from a global overwrite...

CVE-2006-6957

PHP remote file inclusion vulnerability in addons/modmedia/body.php in Docebo 3.0.3 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSwhereframework parameter. NOTE: this issue might be resultant from a global overwrite...

CVE-2006-3757

index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty 1 GET, 2 SESSION, 3 POST, 4 COOKIE, or 5 SESSION array parameters, which reveals the installation path in an error message. NOTE: this issue might be resultant from a global overwrite vulnerability...

CVE-2006-3757

index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty 1 GET, 2 SESSION, 3 POST, 4 COOKIE, or 5 SESSION array parameters, which reveals the installation path in an error message. NOTE: this issue might be resultant from a global overwrite vulnerability...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/libactionstep.php in Hot Open Tickets HOT 11012004ver2f, when registerglobals is enabled, allows remote attackers to include arbitrary files via the GLOBALSCLASSPATH parameter. NOTE: this issue might be resultant from a global overwrite vulnerabili...

CVE-2006-2730

PHP remote file inclusion vulnerability in admin/libactionstep.php in Hot Open Tickets HOT 11012004ver2f, when registerglobals is enabled, allows remote attackers to include arbitrary files via the GLOBALSCLASSPATH parameter. NOTE: this issue might be resultant from a global overwrite vulnerabili...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in 1 GLOBALSwhereframework to a lib.simplesel.php, b lib.filelist.php, c tree.documents.php, d lib.repo.php, and e lib.ph...

Remote file inclusion

PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS"CLPath" parameter to 1 reconfig.php and 2 srxclr.php. NOTE: this might be due to a globals overwrite issue...

CVE-2006-2576

CVE-2006-2576 corresponds to Docebo PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier when register_globals is enabled. The issue allows remote code execution by supplying a URL via GLOBALS[where_framework] (files: lib.simplesel.php, lib.filelist.php, tree.documents.php, lib.r...