30 matches found
EUVD-2007-2977
Malware in sbrugna...
EUVD-2006-4609
Malware in sbrugna...
EUVD-2006-4519
PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter...
Pheap 1.x/2.0 Edit.PHP Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22670/info Pheap is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve and edit the contents of arbitrary files...
Pheap 2.0 Config.PHP Pheap_Login Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24227/info Pheap is prone to an authentication-bypass vulnerability due to a design error. An attacker can exploit this vulnerability to bypass authentication and execute arbitrary commands in the context of the site...
PT-2007-5597 · Bellabook · Bellabook
Name of the Vulnerable Software and Affected Versions: BellaBook (affected versions not specified). Description: The issue allows remote attackers to potentially obtain administrative privileges. This is achieved by sending the admin's username (admin name) in a pheap_login cookie. The vendor disputes...
CVE-2007-2985
Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc...
CVE-2007-2985
CVE-2007-2985 affects Pheap 2.0. An attacker can bypass authentication by setting the pheap_login cookie to the administrator’s username, enabling (1) access to sensitive info, including the admin password via settings.php and (2) upload/execute arbitrary PHP code via the update_doc action in edi...
Pheap 2.0 - config.php Pheap_Login Authentication Bypass
Pheap 2.0 - config.php Pheap_Login Authentication Bypass source: https://www.securityfocus.com/bid/24227/info Pheap is prone to an authentication-bypass vulnerability due to a design error. An attacker can exploit this vulnerability to bypass authentication and execute arbitrary commands in the...
Pheap 2.0 - 'config.php' Pheap_Login Authentication Bypass
source: https://www.securityfocus.com/bid/24227/info Pheap is prone to an authentication-bypass vulnerability due to a design error. An attacker can exploit this vulnerability to bypass authentication and execute arbitrary commands in the context of the site administrator. #!/usr/bin/php -q -d...
Pheap 2.0 Admin Bypass / Remote Code Execution Exploit
No description provided by source. #!/usr/bin/php -q -d short_open_tag=on <?php /* Explanation: The user verification routine used in most of the files is: include("lib/config.php"); if ($_COOKIE['pheap_login'] != $username) { header("Location: login.php"); } else { CONTINUE EXECUTING CODE } So basically it's saying "I...
Pheap 2.0 Admin Bypass / Remote Code Execution Exploit
Exploit for unknown platform in category web applications ====================================================== Pheap 2.0 Admin Bypass / Remote Code Execution Exploit ====================================================== #!/usr/bin/php -q -d short_open_tag=on <?php /* Explanation: The user...
CVE-2007-1140
Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter...
CVE-2007-1140
The CVE-2007-1140 entry describes a directory traversal vulnerability in edit.php of the pheap application, where an attacker can supply a filename containing .. to read and modify arbitrary files. Affected component: pheap (edit.php). Root cause: improper validation of the filename parameter all...
Pheap 1.x/2.0 - edit.php Directory Traversal
Pheap 1.x/2.0 - edit.php Directory Traversal source: https://www.securityfocus.com/bid/22670/info Pheap is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve and edit the contents of arbitra...
Pheap 1.x/2.0 - 'edit.php' Directory Traversal
source: https://www.securityfocus.com/bid/22670/info Pheap is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve and edit the contents of arbitrary files from the vulnerable system in the...
CVE-2006-4621
PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The...