1982 matches found

Tenable Nessus
added 2009/06/23 12:0 a.m. | 36 views

Acajoom Component for Joomla! <= 3.2.6 Backdoor Detection

Acajoom, a third-party component for Joomla! for managing mailing lists, newsletters, auto-responders, and other communications, is running on the remote host. This version of Acajoom is equal or prior to 3.2.6. It is, therefore, affected by a backdoor in the self.acajoom.php script. An...

6 AI score
Exploits 0 | References 2

OpenVAS
added 2009/06/14 12:0 a.m. | 21 views

eliteCMS multiple Vulnerabilities

eliteCMS is prone to a vulnerability that lets attackers upload and execute arbitrary PHP code. The application is also prone to a cross-site scripting issue and to a SQL Injection Vulnerability. These issues occur because the application fails to sufficiently sanitize user-supplied input...

7.5 CVSS | 0.4 AI score | 0.00378 EPSS
Exploits 1 | References 3

Vulnrichment
added 2009/06/05 6:13 p.m. | 6 views

CVE-2009-1936

functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrar...

9.8 AI score | 0.08071 EPSS
Exploits 2 | References 3

CVE
added 2009/06/05 6:13 p.m. | 99 views

CVE-2009-1936

The CVE-2009-1936 entry concerns cpCommerce 1.2.x (possibly including 1.2.9) and related variants. The root cause is in _functions.php: when called directly, a redirect is issued but not exited, allowing bypass of a protection mechanism that enables remote file inclusion and directory traversal v...

9.8 CVSS | 9.7 AI score | 0.08071 EPSS
Exploits 2 | References 3 | Affected Software 1

Packet Storm
added 2009/06/04 12:0 a.m. | 18 views

Movie PHP Script 2.0 Code Execution

Movie PHP Script v2.0 Remote PHP Code Execution + Discovered By SirGod + www.mortal-team.org + Remote PHP Code Execution - Vulnerable code in system/services/init.php : --------------------------------------------------------------------------------- Line 84 : @evalstripslashes$REQUEST'anticode';...

0.6 AI score
Exploits 0

Packet Storm
added 2009/05/29 12:0 a.m. | 24 views

ECShop PHP Code Execution

Securitylab.ir Application Info: Name: ecshop Version: 2.6.2 Website: http://www.ecshop.com Discoverd By: Securitylab.ir Website: http://securitylab.ir Contacts: info@securitylabdotir & [email protected] =========================================================== :: integrate.php :: if...

0.2 AI score
Exploits 0

Tenable Nessus
added 2009/05/26 12:0 a.m. | 33 views

TinyWebGallery lang Parameter Local File Inclusion

The remote host is running TinyWebGallery, a web-based photo gallery application written in PHP. The version of TinyWebGallery installed on the remote host fails to filter user-supplied input to the 'lang' parameter of the 'admin/include/init.php' script before using it to include PHP code...

6.8 CVSS | 6.2 AI score | 0.10146 EPSS
Exploits 1 | References 2

Cvelist
added 2009/05/22 8:0 p.m. | 17 views

CVE-2009-1779

PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the formincludetemplate parameter...

7.6 AI score | 0.0369 EPSS
Exploits 1 | References 3

NVD
added 2009/05/12 4:30 p.m. | 11 views

CVE-2008-6807

PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xmldir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the libdir...

7.5 CVSS | 7.2 AI score | 0.00612 EPSS
Exploits 1 | References 2

CVE
added 2009/04/29 6:6 p.m. | 37 views

CVE-2008-6773

The CVE-2008-6773 entry concerns YourPlace 1.0.2 and earlier, where a static code injection flaw in user/internettoolbar/edit.php allows remote authenticated users to execute arbitrary PHP via 10 fav parameters, resulting in partial impact to confidentiality, integrity, and availability. The root...

6.5 CVSS | 7.7 AI score | 0.03192 EPSS
Exploits 1 | References 4 | Affected Software 1

phpMyAdmin
added 2009/04/14 12:0 a.m. | 26 views

Insufficient output sanitizing when generating configuration file.

PMASA-2009-4 Announcement-ID: PMASA-2009-4 Date: 2009-04-14 Summary Insufficient output sanitizing when generating configuration file. Description Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

7.5 CVSS | 6.2 AI score | 0.36057 EPSS
Exploits 3 | Affected Software 1

Prion
added 2009/04/06 4:30 p.m. | 9 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the themedirectory parameter to (1) container.php and (2) header.php in themes/...

7.5 CVSS | 8.2 AI score | 0.03307 EPSS
Exploits 0 | References 4 | Affected Software 1

CVE
added 2009/03/26 8:28 p.m. | 39 views

CVE-2008-6530

The CVE-2008-6530 entry describes an unrestricted file upload in editimage.php of eZoneScripts Living Local 1.1. The vulnerability permits remote authenticated administrators to upload a file with an executable extension and then access it directly to execute arbitrary PHP code. This can comprom...

6.5 CVSS | 7.4 AI score | 0.04478 EPSS
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2009/03/06 11:0 a.m. | 11 views

CVE-2008-6402

PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the moddir parameter...

7.6 AI score | 0.03209 EPSS
Exploits 1 | References 3

Cvelist
added 2009/02/26 11:0 p.m. | 11 views

CVE-2008-6305

PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the APIHOMEDIR parameter...

7.5 AI score | 0.0373 EPSS
Exploits 1 | References 4

seebug.org
added 2009/02/16 12:0 a.m. | 28 views

RavenNuke 2.3.0 Multiple Remote Vulnerabilities

No description provided by source. waraxe-2009-SA072 - Multiple Vulnerabilities in RavenNuke 2.3.0 =============================================================================== Author: Janek Vind "waraxe" Date: 16. February 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-72.htm...

7.1 AI score
Exploits 0

0day.today
added 2009/02/16 12:0 a.m. | 22 views

RavenNuke 2.3.0 Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications =============================================== RavenNuke 2.3.0 Multiple Remote Vulnerabilities =============================================== waraxe-2009-SA072 - Multiple Vulnerabilities in RavenNuke 2.3.0...

7.1 AI score
Exploits 0

NVD
added 2009/02/13 6:30 p.m. | 9 views

CVE-2008-6132

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the startdate parameter...

6.8 CVSS | 7.7 AI score | 0.77215 EPSS
Exploits 5 | References 8

Prion
added 2009/02/11 12:30 a.m. | 11 views

Sql injection

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tzenv.class. NOTE: some of these details are obtained...

10 CVSS | 8.3 AI score | 0.69228 EPSS
Exploits 2 | References 6 | Affected Software 1

Cvelist
added 2009/02/10 6:0 p.m. | 36 views

CVE-2008-6103

PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter...

7.5 AI score | 0.03074 EPSS
Exploits 1 | References 4