687 matches found
CVE-2006-6167
Multiple PHP remote file inclusion vulnerabilities in L. Brandon Stone and Nathanial P. Hendler Active PHP Bookmarks APB 1.1.02 allow remote attackers to execute arbitrary PHP code via a URL in the APBSETTINGS'apbpath' parameter in (1) apbcommon.php or (2) apb.php. NOTE: CVE and another third party...
CVE-2006-3766
Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to boost their own ratings via a txtrating parameter with a score greater than the intended maximum of 10...
Authentication flaw
Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to editmember and the value parameter to 1...
CVE-2006-1914
DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive information via an invalid (1) fcategoryid parameter to topics.php or (2) unavariabile, (3) GLOBALS, or (4) SERVER parameters to script.php. NOTE: this information leak might be resultant from a global variable overwrite issue...
CVE-2006-1659
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in imagedesc.php, (2) provided parameter in template.php, (3) cid parameter in suggestimage.php, (4) imgid parameter in insertrating.php, and (5) cid parameter i...
CVE-2006-1573
PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter part of the $pagemenu variable...
CVE-2006-0713
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/secstageinstall.php, (4) install/thirdstageinstall.php, and (5)...
CVE-2005-3529
tiki-viewforumthread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topicssortmode parameter, possibly related to an SQL injection vulnerability...
CVE-2005-2474
ChurchInfo allows remote attackers to obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8)...
CVE-2005-2312
management.php in Realnode Emilda 1.2.2 and earlier allows remote attackers to perform actions as other users by modifying the userid parameter...
CVE-2004-2638
The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the inlogin parameter to a non-zero value...
CVE-2004-1734
PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) tcorepath parameter to bugapi.php or (2) tcoredir parameter to relationshipapi.php to reference a URL on a remote web server that contains the code...
PHPKIT 1.6 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/11725/info
It is reported that PHPKIT is susceptible to cross-site scripting and SQL injection vulnerabilities. The cross-site scripting issue is present in a parameter of the 'popup.php' script. An attacker can exploit this issue by creating a malicious...
AWStats Rawlog Plugin Logfile Parameter Arbitrary Command Execution
Binary data 1728.prm...
CVE-2004-0344
Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter...
Invision Board 1.1.1 - functions.php SQL Injection
source: https://www.securityfocus.com/bid/7290/info
An input validation error has been reported in Invision Board which may result in the manipulation of SQL queries. This vulnerability exists in the functions.php script file. An attacker may be...
VPOPMail 0.9x - vpopmail.php Remote Command Execution
source: https://www.securityfocus.com/bid/7063/info
A vulnerability has been reported for VPOPMail that may allow attackers to execute arbitrary commands on a vulnerable system. The vulnerability exists due to insufficient sanitization of...
GTCatalog 0.8.160.9 - Remote File Inclusion
source: https://www.securityfocus.com/bid/6998/info
GTCatalog is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is as a result of insufficient sanitization performed on remot...
D-Forum 1 - 'header' Remote File Inclusion
source: https://www.securityfocus.com/bid/6879/info
D-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the /includes/header.php3 and /includes/footer.php3 scripts. Under some circumstances, it is possible for remote...
D-Forum 1 - 'footer' Remote File Inclusion
source: https://www.securityfocus.com/bid/6879/info
D-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the /includes/header.php3 and /includes/footer.php3 scripts. Under some circumstances, it is possible for remote...