SUSE CVE-2007-1396

The importrequestvariables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the 1 GET, 2 POST, 3 COOKIE, 4 FILES, 5 SERVER, 6 SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address a...

PHPNuke78.txt

NewAngels Advisory 7PHP Nuke sqlquery"SELECT active, view FROM ".$prefix."modules WHERE title='$name'"; The $name variable is not checked so you could inject malicious SQL Code. In an file which is included whe have the following code: $queryString = strtolower$SERVER'QUERYSTRING'; if...