
1982 matches found

NVD
added 2005/08/03 4:00 a.m. · 5 views

CVE-2005-2437

Website Baker Project does not properly verify the file extensions of uploaded files, which allows remote attackers to upload and execute arbitrary PHP code...

CVSS 5 · AI score 7.5 · EPSS 0.00427
Exploits: 0 · References: 5

CVE
added 2005/08/03 4:00 a.m. · 37 views

CVE-2005-2437

The CVE-2005-2437 entry concerns Website Baker Project, where uploaded file extensions are not properly verified. This allows remote attackers to upload and execute arbitrary PHP code due to the insufficient validation of the file type during upload. The available references (NVD, CVE, CVEList) c...

CVSS 5 · AI score 7.9 · EPSS 0.00427
Exploits: 0 · References: 5 · Affected Software: 1

NVD
added 2005/07/20 4:00 a.m. · 8 views

CVE-2005-2331

PHP remote file inclusion vulnerability in display.php in MooseGallery allows remote attackers to execute arbitrary PHP code via the type parameter...

CVSS 5 · AI score 7.6 · EPSS 0.00463
Exploits: 1 · References: 4

Tenable Nessus
added 2005/07/13 12:00 a.m. · 35 views

FreeBSD : phpbb -- remote PHP code execution vulnerability (4afacca1-eb9d-11d9-a8bd-000cf18bbe54)

FrSIRT Advisory reports : A vulnerability was identified in phpBB, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to an input validation error in the 'viewtopic.php' script that does not properly filter the 'highlight' parameter before calling the...

CVSS 7.5 · AI score 5.9 · EPSS 0.86512
Exploits: 9 · References: 4

Packet Storm
added 2005/07/13 12:00 a.m. · 36 views

e107617.txt

Software: http://www.e107.org Author: Heintz Advisory origin: http://www.waraxe.us Software bugtracker: http://e107.org/e107plugins/bugtracker2/bugtracker2.php?0.bug.558 e107 v 0.617 search.php line 142 if$POST'searchquery' echo ""; unset$text; extract$POST; here extract registers and overwrites...

Exploits: 0

securityvulns
added 2005/07/01 12:00 a.m. · 28 views

[SA15862] Serendipity XML-RPC Unspecified PHP Code Execution Vulnerability

---------------------------------------------------------------------- Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...

AI score 0.4
Exploits: 0

securityvulns
added 2005/06/30 12:00 a.m. · 30 views

[SA15864] Comdev News Publisher Cross-Site Scripting and PHP Code Execution

---------------------------------------------------------------------- Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...

AI score 0.7
Exploits: 0

securityvulns
added 2005/06/30 12:00 a.m. · 34 views

[Full-disclosure] [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue

---------------------------------------------------------------------------- Drupal security advisory DRUPAL-SA-2005-003 ---------------------------------------------------------------------------- Advisory ID: DRUPAL-SA-2005-003 Date: 2005-jun-29 Security risk: highly critical Impact: system...

AI score 1.4
Exploits: 0

securityvulns
added 2005/06/30 12:00 a.m. · 27 views

[SA15855] PostNuke XML-RPC Library PHP Code Execution Vulnerability

---------------------------------------------------------------------- Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...

AI score 0.6
Exploits: 0

OSV
added 2005/06/22 4:00 a.m. · 2 views

DEBIAN-CVE-2005-1524

PHP file inclusion vulnerability in topgraphheader.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the configlibrarypath parameter...

CVSS 5 · AI score 7.9 · EPSS 0.12071
Exploits: 0 · References: 1

securityvulns
added 2005/06/16 12:00 a.m. · 51 views

Vulnerability: Bitrix Php inclusion

Vendor: Bitrix Product: Bitrix Site Manager 4.0.x Vulnerability: php including. Consequence: custom php code execution on server Risk: Critical Description: Due to unfiltered SERVERDOCUMENTROOT variable in file “bitrixmodulesmainstart.php”, hacker can upload php script from other server and execu...

AI score 0.5
Exploits: 0

Cvelist
added 2005/06/07 4:00 a.m. · 16 views

CVE-2005-1881

upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code...

AI score 7.4 · EPSS 0.06748
Exploits: 1 · References: 4

Positive Technologies
added 2005/06/07 12:00 a.m. · 2 views

PT-2005-2825 · I-Man · I-Man

Name of the Vulnerable Software and Affected Versions: I-Man versions 0.9 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension. This can be done by exploiting the file upload functionality, potentially leadin...

CVSS 7.5 · AI score 7.8 · EPSS 0.01402
Exploits: 0 · References: 5

NVD
added 2005/06/01 4:00 a.m. · 6 views

CVE-2005-1821

PHP remote file inclusion vulnerability in pdlheader.inc.php in PowerDownload 3.0.2 and 3.0.3 allows remote attackers to execute arbitrary PHP code via the incdir parameter to downloads.php...

CVSS 7.5 · AI score 7.6 · EPSS 0.02928
Exploits: 1 · References: 5

Tenable Nessus
added 2005/05/04 12:00 a.m. · 37 views

osTicket <= 1.2.7 Multiple Vulnerabilities

The version of osTicket installed on the remote host suffers from several vulnerabilities : - A Remote File Include Vulnerability The script 'include/main.php' lets an attacker read arbitrary files on the remote host and possibly even run arbitrary PHP code, subject to the privileges of the web...

CVSS 7.5 · AI score 6.5 · EPSS 0.02076
Exploits: 2 · References: 7

CVE
added 2005/05/03 4:00 a.m. · 47 views

CVE-2005-1438

The connected documents confirm a Remote File Include vulnerability in osTicket variants, specifically CVE-2005-1438, via the include_dir parameter in main.php. The issue affects osTicket versions up to 1.2.7 (per Tenable NASL “osTicket <= 1.2.7 Multiple Vulnerabilities”) and is included among...

CVSS 7.5 · AI score 7.6 · EPSS 0.00717
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2005/04/24 4:00 a.m. · 7 views

CVE-2005-1312

PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allows remote attackers to execute arbitrary PHP code via unknown vectors...

CVSS 7.5 · AI score 7.6 · EPSS 0.02416
Exploits: 0 · References: 4

CVE
added 2005/04/21 4:00 a.m. · 42 views

CVE-2001-1471

CVE-2001-1471 affects phpBB versions 1.4.0 and earlier. The root cause is an invalid language value in prefs.php (and related auth.php handling) that can let a remote authenticated user modify variables (e.g., $l_statsblock, $l_privnotify) and later use them in an eval, enabling arbitrary PHP cod...

CVSS 8.8 · AI score 7.6 · EPSS 0.01172
Exploits: 1 · References: 5 · Affected Software: 1

CVE
added 2005/03/29 5:00 a.m. · 48 views

CVE-2005-0913

Smarty vulnerability CVE-2005-0913 affects the regex_replace modifier in Smarty versions before 2.6.8, enabling attackers to execute arbitrary PHP code. The Gentoo GLSA and related open-source advisories describe a remote code execution risk via the template engine’s regex_replace modifier when u...

CVSS 7.5 · AI score 7.2 · EPSS 0.00902
Exploits: 0 · References: 6 · Affected Software: 1

exploitpack
added 2005/03/24 12:00 a.m. · 18 views

Double Choco Latte 0.9.30.9.4 - main.php Arbitrary PHP Code Execution

Double Choco Latte 0.9.30.9.4 - main.php Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/12894/info Double Choco Latte is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry...

AI score 0.7
Exploits: 0