Lucene search

1984 matches found

Prion
added 2009/02/11 12:30 a.m., 11 views

Sql injection

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tzenv.class. NOTE: some of these details are obtained...

CVSS 10 | AI score 8.3 | EPSS 0.69228
Exploits: 2 | References: 6 | Affected Software: 1

Cvelist
added 2009/02/10 6:0 p.m., 36 views

CVE-2008-6103

PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter...

AI score 7.5 | EPSS 0.03074
Exploits: 1 | References: 4

NVD
added 2009/02/10 1:30 a.m., 9 views

CVE-2009-0495

PHP remote file inclusion vulnerability in include/define.php in REALTOR 747 4.11 allows remote attackers to execute arbitrary PHP code via a URL in the INCDIR parameter...

CVSS 7.5 | AI score 7.5 | EPSS 0.03676
Exploits: 1 | References: 2

NVD
added 2009/02/06 11:30 a.m., 21 views

CVE-2008-6084

Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory...

CVSS 6.8 | AI score 7.6 | EPSS 0.06029
Exploits: 0 | References: 4

Packet Storm
added 2009/02/02 12:0 a.m., 28 views

OpenHelpDesk 1.0.100 Code Execution

$Id: phpeval.rb 5783 2008-10-23 02:43:21Z ramon $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

AI score 0.3
Exploits: 0

OSV
added 2009/01/15 5:30 p.m., 6 views

CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

AI score 8
Exploits: 0 | References: 13

Exploit DB
added 2009/01/15 12:0 a.m., 48 views

GNUBoard 4.31.03 (08.12.29) - Local File Inclusion

GNUBoard V4.31.03 08.12.29 Local/Remote File Include Vulnerability BY flyh4thotmail.com Thx to qiuren/rayt TEAM:Wolves Security Team SITE:http://bbs.wolvez.org/ / SIR GNUBoard VERSION 4.31.03 08.12.29is a widely used bulletin board system of Korea. It is freely available for all platforms that...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2008/12/22 12:0 a.m., 16 views

GLSA-200812-20 : phpCollab: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200812-20 phpCollab: Multiple vulnerabilities Multiple vulnerabilities have been found in phpCollab: rgod reported that data sent to general/sendpassword.php via the loginForm parameter is not properly sanitized before being used ...

CVSS 10 | AI score 6.4 | EPSS 0.05415
Exploits: 1 | References: 5

Gentoo Linux
added 2008/12/21 12:0 a.m., 23 views

phpCollab: Multiple vulnerabilities

Background phpCollab is a web-enabled groupware and project management software written in PHP. It uses SQL-based database backends. Description Multiple vulnerabilities have been found in phpCollab: rgod reported that data sent to general/sendpassword.php via the loginForm parameter is not...

CVSS 10 | AI score 8.4 | EPSS 0.05415
Exploits: 1

Prion
added 2008/12/16 7:7 p.m., 8 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 Alpha 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter to (1) portal/includes/portalblock.php and (2) includes/acp/acplcxbbportal.php...

CVSS 7.5 | AI score 8.2 | EPSS 0.04076
Exploits: 1 | References: 5 | Affected Software: 1

Tenable Nessus
added 2008/12/08 12:0 a.m., 25 views

FreeBSD : mantis -- php code execution vulnerability (af2745c0-c3e0-11dd-a721-0030843d3802)

Secunia reports: EgiX has discovered a vulnerability in Mantis, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the 'sort' parameter in manageprojpage.php is not properly sanitised before being used in a 'create_function' call. This can be exploited to...

CVSS 9 | AI score 5.9 | EPSS 0.79225
Exploits: 4 | References: 2

Cvelist
added 2008/12/01 3:0 p.m., 15 views

CVE-2008-5288

PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter...

AI score 7.5 | EPSS 0.06408
Exploits: 0 | References: 6

NVD
added 2008/11/13 11:30 a.m., 13 views

CVE-2008-5060

Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) exportbatch.inc.php, (2) runautosuspend.cron.php, and (3) sendemailcache.php in include/scripts/; (4)...

CVSS 10 | AI score 7.4 | EPSS 0.02932
Exploits: 0 | References: 4

Cvelist
added 2008/11/04 8:0 p.m., 19 views

CVE-2008-4928

Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a...

AI score 6.3 | EPSS 0.00631
Exploits: 1 | References: 6

Prion
added 2008/10/31 6:9 p.m., 19 views

Code injection

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character...

CVSS 7.5 | AI score 7.5 | EPSS 0.01003
Exploits: 0 | References: 6 | Affected Software: 1

UbuntuCve
added 2008/10/31 12:0 a.m., 43 views

CVE-2008-4811

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character...

CVSS 7.5 | AI score 6 | EPSS 0.01003
Exploits: 0 | References: 2

seebug.org
added 2008/10/24 12:0 a.m., 29 views

WebSVN <= 2.0 (XSS/FH/CE) Multiple Remote Vulnerabilities

No description provided by source. WebSVN <= 2.0 Multiple Vulnerabilities October 20, 2008 Vendor : Tim Armes URL : http://websvn.tigris.org Version : WebSVN <= 2.0 Risk : Multiple Vulnerabilities Description: WebSVN is an online SVN repository viewer. The description taken from the project website...

AI score 7.1
Exploits: 0

Packet Storm
added 2008/10/24 12:0 a.m., 22 views

websvn-xssfhce.txt

WebSVN alertdocument.cookie; A url like the one above would display a JavaScript alert window containing the cookie data of any set cookies for the domain. File Handling Issues: There are some file handling issues in the RSS functionality used by WebSVN. The issue is caused by the following bit o...

AI score 7.4
Exploits: 0

0day.today
added 2008/10/23 12:0 a.m., 33 views

WebSVN <= 2.0 (XSS/FH/CE) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ========================================================= WebSVN alertdocument.cookie; A url like the one above would display a JavaScript alert window containing the cookie data of any set cookies for the domain. File Ha...

AI score 7.1
Exploits: 0

OpenVAS
added 2008/09/24 12:0 a.m., 20 views

Gentoo Security Advisory GLSA 200805-04 (egroupware)

The remote host is missing updates announced in advisory GLSA 200805-04. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 7.6 | EPSS 0.01086
Exploits: 3 | References: 3