Lucene search

1982 matches found

Exploit DB
added 2006/03/07 12:0 a.m. | 33 views

Limbo CMS 1.0.4.2 - 'itemID' Remote Code Execution (Metasploit)

Title: Limbo CMS version 1.x suffers from a remote code execution vulnerability. Name: limbocms1x.pm License: Artistic/BSD/GPL Info: Trying to get the command execution exploits out of the way on milw0rm.com. M's are always good. - This is an exploit module for the Metasploit Framework, please se...

AI score 7.4
Exploits: 0

Exploit DB
added 2006/02/22 12:0 a.m. | 22 views

Noah's Classifieds 1.0/1.3 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/16780/info Noah's Classifieds is prone to a remote file-include vulnerability. An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the...

AI score 7.4
Exploits: 0

Packet Storm
added 2006/02/22 12:0 a.m. | 30 views

EV0072.txt

New eVuln Advisory: Magic News Lite PHP Code Execution & Unauthorized Data Modification http://evuln.com/vulns/72/summary.html --------------------Summary---------------- eVuln ID: EV0072 CVE: CVE-2006-0723 CVE-2006-0724 Vendor: Reamday Enterprises Vendor's Web Site: http://reamdaysoft.com...

CVSS 2.6 | AI score 6.6 | EPSS 0.00763
Exploits: 1

Prion
added 2006/02/18 2:2 a.m. | 12 views

Sql injection

Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly...

CVSS 7.5 | AI score 8.5 | EPSS 0.0788
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2006/02/15 11:6 a.m. | 8 views

CVE-2006-0688

PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter...

CVSS 7.5 | AI score 7.6 | EPSS 0.10298
Exploits: 0 | References: 9

Exploit DB
added 2006/02/14 12:0 a.m. | 29 views

dotProject 2.0 - '/modules/admin/vw_usr_roles.php?baseDir' Remote File Inclusion

source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2006/02/13 12:0 a.m. | 24 views

LinPHA <= 1.0 Multiple Vulnerabilities

The remote host is running LinPHA, a web photo gallery application written in PHP. The installed version of LinPHA suffers from a number of flaws, several of which could allow an unauthenticated attacker to view arbitrary files or to execute arbitrary PHP code on the remote host, subject to the...

CVSS 5 | AI score 6.4 | EPSS 0.24187
Exploits: 1 | References: 3

exploitpack
added 2006/02/11 12:0 a.m. | 11 views

HiveMail 1.2.21.3 - addressbook.update.php?contactgroupid Arbitrary PHP Command Execution

HiveMail 1.2.21.3 - addressbook.update.php?contactgroupid Arbitrary PHP Command Execution source: https://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL...

AI score 0.6
Exploits: 0

exploitpack
added 2006/02/11 12:0 a.m. | 18 views

HiveMail 1.2.21.3 - index.php $_SERVER[PHP_SELF] Cross-Site Scripting

HiveMail 1.2.21.3 - index.php $_SERVER[PHP_SELF] Cross-Site Scripting source: https://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. The PHP...

Exploits: 0

Exploit DB
added 2006/02/11 12:0 a.m. | 19 views

HiveMail 1.2.2/1.3 - 'folders.update.php?folderid' Arbitrary PHP Command Execution

source: https://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. The PHP code-execution issues are the result of an input-validation error that...

AI score 7.4
Exploits: 0

Cvelist
added 2006/02/10 11:0 a.m. | 15 views

CVE-2006-0636

desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using...

AI score 7.7 | EPSS 0.01269
Exploits: 0 | References: 8

Packet Storm
added 2006/01/21 12:0 a.m. | 19 views

EV0029.txt

New eVuln Advisory: Light Weight Calendar PHP Code Execution http://evuln.com/vulns/29/summary.html --------------------Summary---------------- Software: Light Weight Calendar Software's Web Site: http://sourceforge.net/projects/lwcal/ Versions: 1.0 Critical Level: Dangerous Type: PHP Code...

AI score 7.4
Exploits: 0

securityvulns
added 2006/01/16 12:0 a.m. | 25 views

[eVuln] Light Weight Calendar PHP Code Execution

New eVuln Advisory: Light Weight Calendar PHP Code Execution http://evuln.com/vulns/29/summary.html --------------------Summary---------------- Software: Light Weight Calendar Software's Web Site: http://sourceforge.net/projects/lwcal/ Versions: 1.0 Critical Level: Dangerous Type: PHP Code...

AI score 0.8
Exploits: 0

NVD
added 2006/01/13 11:3 p.m. | 8 views

CVE-2006-0206

Eval injection vulnerability in Light Weight Calendar LWC 1.0 20040909 and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php...

CVSS 7.5 | AI score 7.9 | EPSS 0.10246
Exploits: 1 | References: 9

Cvelist
added 2006/01/11 9:0 p.m. | 11 views

CVE-2006-0164

phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable...

AI score 7.5 | EPSS 0.08939
Exploits: 0 | References: 6

Packet Storm
added 2006/01/04 12:0 a.m. | 19 views

EV0006.txt

New eVuln Advisory: phpBook PHP Code Execution --------------------Summary---------------- Software: phpBook http://sourceforge.net/projects/phpbook/ Versions: 1.3.2 and earlier Critical Level: Dangerous Type: PHP Code Execution Class: Remote Status: Unpatched Exploit: Available Solution: Not...

AI score 7.4
Exploits: 0

Packet Storm
added 2006/01/04 12:0 a.m. | 28 views

EV0003.txt

New eVuln Advisory: oaBoard PHP Code Execution --------------------Summary---------------- Software: oaBoard Versions: 1.0 Critical Level: Dangerous Type: PHP Code Execution Class: Remote Status: Unpatched Exploit: Available Solution: Not Available Discovered by: Aliaksandr Hartsuyeu...

AI score 7.4
Exploits: 0

securityvulns
added 2006/01/04 12:0 a.m. | 26 views

[eVuln] oaBoard PHP Code Execution

New eVuln Advisory: oaBoard PHP Code Execution --------------------Summary---------------- Software: oaBoard Versions: 1.0 Critical Level: Dangerous Type: PHP Code Execution Class: Remote Status: Unpatched Exploit: Available Solution: Not Available Discovered by: Aliaksandr Hartsuyeu...

AI score 1.3
Exploits: 0

exploitpack
added 2005/12/27 12:0 a.m. | 14 views

IceWarp Universal WebMail - mailinclude.html Crafted HTTP_USER_AGENT Arbitrary File Access

IceWarp Universal WebMail - mailinclude.html Crafted HTTP_USER_AGENT Arbitrary File Access source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp...

AI score 0.6
Exploits: 0

exploitpack
added 2005/12/27 12:0 a.m. | 13 views

IceWarp Universal WebMail - adminincinclude.php Multiple Remote File Inclusions

IceWarp Universal WebMail - adminincinclude.php Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal...

AI score 0.2
Exploits: 0