EUVD-2006-5170

Malware in sbrugna...

HAMweather 3.9.8 Template.PHP Script Code Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20311/info HAMweather is prone to a script-code-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the...

CVE-2002-2356

CVE-2002-2356 affects HAMweather 2.x. The vulnerability enables remote attackers to modify administrative settings and access sensitive information via a direct request to hwadmin.cgi. According to the NVD entry, the impact includes partial confidentiality and partial integrity with network attac...

CVE-2002-2356

HAMweather 2.x allows remote attackers to modify administrative settings and obtain sensitive information via a direct request to hwadmin.cgi...

CVE-2006-5185

Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the doparsecode function...

CVE-2006-5185

Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the doparsecode function...

CVE-2006-5185

The CVE-2006-5185 issue affects HAMweather (versions 3.9.8.4 and earlier) where eval injection in Template.php occurs. An attacker can supply a modified query string that is passed to an eval call inside do_parse_code, allowing remote code execution. Impact is arbitrary code execution on the web ...

[SA22242] HAMweather "do_parse_code" Command Injection Vulnerability

TITLE: HAMweather "doparsecode" Command Injection Vulnerability SECUNIA ADVISORY ID: SA22242 VERIFY ADVISORY: http://secunia.com/advisories/22242/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: HAMweather 3.x http://secunia.com/product/12178/ DESCRIPTION: Some...

HAMweather Template.php do_parse_code Function Arbitrary Code Execution

The remote host is running HAMweather, a weather-forecasting software application. The installed version of HAMweather fails to properly sanitize input to the 'daysonly' parameter before using it to evaluate PHP or Perl code. An unauthenticated attacker can leverage this issue to execute arbitrar...

HAMweather 3.9.8 - 'template.php' Script Code Injection

source: https://www.securityfocus.com/bid/20311/info HAMweather is prone to a script-code-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are al...

HAMweather 3.9.8 - template.php Script Code Injection

HAMweather 3.9.8 - template.php Script Code Injection source: https://www.securityfocus.com/bid/20311/info HAMweather is prone to a script-code-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the...

CVE-2002-2356

HAMweather 2.x allows remote attackers to modify administrative settings and obtain sensitive information via a direct request to hwadmin.cgi...