1982 matches found

exploitpack
added 2003/05/29 12:0 a.m. | 10 views

Cafelog b2 0.6 - Remote File Inclusion

Cafelog b2 0.6 - Remote File Inclusion source: https://www.securityfocus.com/bid/7738/info A remote file include vulnerability has been reported for Cafelog. Due to insufficient sanitization of some user-supplied variables by the 'blogger-2-b2.php' and 'gm-2-b2.php' scripts, it is possible for a...

Exploits: 0

Cvelist
added 2003/05/14 4:0 a.m. | 15 views

CVE-2003-0275

SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code...

AI score: 7.5 | EPSS: 0.0075
Exploits: 0 | References: 1

Exploit DB
added 2003/04/04 12:0 a.m. | 59 views

PHPSysInfo 2.0/2.1 - 'index.php' LNG File Disclosure

source: https://www.securityfocus.com/bid/7286/info

PHPSysInfo has been reported to be vulnerable to a file disclosure issue. Local users may be capable of influencing the include path for PHPSysInfo language include files. If the malicious language file is symlinked to a web server readable file...

AI score: 7.4
Exploits: 0

CVE
added 2003/04/02 5:0 a.m. | 79 views

CVE-2002-0451

PHProjekt 3.1 and 3.1a contain a remote PHP code execution vulnerability in filemanager_forms.php. The issue arises from unsafely handling the lib_path parameter, allowing an attacker to specify a URL to executable code, enabling arbitrary code execution on the affected server. The CVE entry prov...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.0577
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2003/03/18 5:0 a.m. | 42 views

CVE-2002-1466

The CVE-2002-1466 entry affects CafeLog b2 Weblog Tool 2.06pre4 when allow_fopen_url is enabled. The vulnerability allows remote attackers to execute arbitrary PHP code via the b2inc variable, enabling full compromise of affected installations. The root cause is the ability to reference or includ...

CVSS: 10 | AI score: 7.7 | EPSS: 0.01185
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2003/03/18 5:0 a.m. | 16 views

CVE-2002-1466

CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable...

AI score: 7.5 | EPSS: 0.01185
Exploits: 1 | References: 2

Tenable Nessus
added 2003/02/28 12:0 a.m. | 52 views

Nuked-Klan 1.2b Multiple Vulnerabilities

It is possible to execute arbitrary PHP code on the remote host using a flaw in the 'Nuked Klan' package. An attacker may leverage this flaw to leak information about the remote system or even execute arbitrary commands. In addition to this problem, this service is vulnerable to various cross-sit...

CVSS: 5.8 | AI score: 6.1 | EPSS: 0.02155
Exploits: 4 | References: 5

Tenable Nessus
added 2003/02/27 12:0 a.m. | 19 views

GOsa Multiple Script plugin Parameter Remote File Inclusion

The remote web server is hosting GOnicus System Administrator GOsa, a PHP-based administration tool for managing accounts and systems in LDAP databases. The version of GOsa installed on the remote host fails to sanitize user input to the 'plugin' parameter of several scripts before using it to...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.04745
Exploits: 1 | References: 2

securityvulns
added 2003/02/22 12:0 a.m. | 270 views

Myguestbook (PHP)

Information:
Version: 3.0
Website: http://www.tefonline.net/

Problems:
- XSS
- admin infos recovery
- Access to admin pages

PHP Code/Location:
If pseudo = SCRIPT, e-mail = SCRIPT or message = /textareaSCRIPT SCRIPT will be executed on index.php,...

AI score: 6.1
Exploits: 0

exploitpack
added 2003/01/06 12:0 a.m. | 67 views

DCP-Portal 5.0.1 - lib.php?Root Remote File Inclusion

source: https://www.securityfocus.com/bid/6525/info

DCP-Portal is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously create...

AI score: 7.5
Exploits: 0

exploitpack
added 2002/12/31 12:0 a.m. | 14 views

PEEL 1.0b - Remote File Inclusion

source: https://www.securityfocus.com/bid/6496/info

PEEL is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously created file, located on an...

Exploits: 0

NVD
added 2002/10/04 4:0 a.m. | 11 views

CVE-2002-1113

summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.17688
Exploits: 1 | References: 6

securityvulns
added 2002/10/03 12:0 a.m. | 26 views

MySimpleNews (PHP)

Information:
Language: PHP
Tested version: 1
Website: ?
Comment: Very simple code.

a Writing PHP code in a PHP file and execution of this code.

Problem:
users.php:
? $fp=fopen"news.php3","a"; fwrite$fp,"Post Par $LOGINn";...

AI score: 7.5
Exploits: 0

NVD
added 2002/08/12 4:0 a.m. | 8 views

CVE-2002-0734

b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.04826
Exploits: 1 | References: 4

Cvelist
added 2002/06/25 4:0 a.m. | 15 views

CVE-2000-1166

Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program...

AI score: 7 | EPSS: 0.00874
Exploits: 0 | References: 4

securityvulns
added 2002/04/04 12:0 a.m. | 30 views

Code injection in PHPGroupware

It's possible to inject PHP code and to modify SQL query...

AI score: 2.1
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2001/09/18 4:0 a.m. | 17 views

CVE-2001-0475

index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter...

AI score: 7.5 | EPSS: 0.0108
Exploits: 1 | References: 4

securityvulns
added 2001/07/02 12:0 a.m. | 31 views

phpMyAdmin 2.1.0 + world readable (apache) log files enable remote user to run arbitrary PHP Codes as apache user.

Note: sorry for my pity English. First of all, I want to ask a question: is it normal that if, in a MySQL query -via PHP-, I put "select from $table" . "files where ID=1" and I post table="atable ", MySQL considers the new query as a valid one so the final query will be "select from atable" ? It'...

AI score: 7.3
Exploits: 0

NVD
added 2001/01/09 5:0 a.m. | 12 views

CVE-2000-1166

Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00874
Exploits: 0 | References: 4

Friends Of PHP
added 1970/01/01 12:0 a.m. | 50 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability

Overview

phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.11114
Exploits: 1 | Affected Software: 1