CVE-2002-1113

CVE-2002-1113 affects Mantis Control/issue tracker: summary_graph_functions.php in Mantis ≤ 0.17.3 allows remote code execution by altering g_jpgraph_path to point to PHP code. The root cause is the g_jpgraph_path parameter not being validated, enabling an attacker to reference arbitrary PHP as c...

Gallery save_photos.php Arbitrary Command Execution

The version of Gallery hosted on the remote web server is affected by an arbitrary command execution vulnerability. This could allow an attacker to execute arbitrary commands on the remote host by uploading a file containing arbitrary PHP code. When the temp directory is web accessible, the...

Mantis Bugtracker Remote PHP Code Execution Vulnerability

--------------------------------------------------------------------------- Mantis Bugtracker Remote PHP Code Execution Vulnerability --------------------------------------------------------------------------- Author: Joxean Koret Date: 08-01-2004 Location: Basque Country...

Coppermine Gallery < 1.1 Beta 2 PHP Code Execution (deprecated)

Binary data 1567.prm...

CVE-2004-0490

cPanel, when compiling Apache 1.3.29 and PHP with the modphpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPTFILENAME variable to find and execute a script instead of the PATHTRANSLATED variable, which allows local users to execute arbitrary PHP code...

trixbox Dashboard user/index.php langChoice Parameter Local File Inclusion

Binary data 4577.prm...

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a popular, web-based MySQL administration tool written in PHP. It allows users to administer a MySQL database from a web-browser. Description Two serious vulnerabilities exist in phpMyAdmin. The first allows any user to alter the server configuration variables including...

phpMyAdmin 2.5.7 - Remote code Injection

phpMyAdmin 2.5.7 - Remote code Injection / phpmy-explt.c written by Nasir Simbolon eagle kecapi com Jakarta, Indonesia June, 10 2004 A phpMyAdmin-2.5.7 exploite program. This is a kind of mysql server wrapper acts like a proxy except that it will sends a fake table name, when client query "SHOW...

gallery -- remote code injection via HTTP_POST_VARS

A web server running Gallery can be exploited for arbitrary PHP code execution through the use of a maliciously crafted URL...

phpGroupWare 0.9.14 - &#039;Tables_Update.Inc.php&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/12074/info phpGroupWare is prone to a remote file include vulnerability, potentially allowing the execution of malicious PHP code. This would occur in the context of the affected web server. The tablesupdate.inc.php script contains the following include...

CVE-2004-0030

PHP remote file inclusion vulnerability in 1 functions.php, 2 authenticationindex.php, and 3 configgedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGVBASEDIRECTORY parameter to reference a URL on a remote web server that contains the code...

Mambo Open Source 4.54.6 - mod_mainmenu.php Remote File Inclusion

Mambo Open Source 4.54.6 - modmainmenu.php Remote File Inclusion source: https://www.securityfocus.com/bid/9445/info It has been reported that Mambo Open Source may be prone to a remote file include vulnerability that may allow an attacker to include malicious external files containing arbitrary...

Mambo mod_mainmenu.php mosConfig_absolute_path Parameter Remote File Inclusion

There is a flaw in the installed version of Mambo Open Source that may allow an attacker to execute arbitrary remote PHP code on this host because it fails to sanitize input to the 'mosConfigabsolutepath' of 'modules/modmainmenu.php' before using it to include PHP code from another file. Note tha...

CVE-2003-1131

PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attackers to execute arbitrary PHP code by modifying the page parameter to reference a URL on a remote web server that contains the code...

CVE-2003-1256

afflistelangue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the repinclude parameter to reference a URL on a remote web server that contains paralangue.php...

CVE-2003-1241

Cross-site scripting vulnerability XSS in 1 adminindex.php, 2 adminpass.php, 3 adminmodif.php, and 4 adminsuppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via...

Новые уязвимости.

Командой сетевой безопасности LwB Team найдены следующие уязвимости: 1.Произвольный PHP код в Flipper Poll v1.1 URL: http://php.pogoworld.co.uk FILE: poll.php Не проверяется фактическое расположение сценария: config.php , представленного в параметре rootpath . Exploit:...

Gallery 1.4 - index.php Remote File Inclusion

Gallery 1.4 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/8814/info It has been reported that Gallery is prone to a remote file include vulnerability in the index.php script file. The problem occurs due to the program failing to verify the location in which it includ...

CVE-2003-0559

mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAINPATH parameter to reference a URL on a remote web server that contains the code...

CVE-2003-1086

PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pmpath parameter to reference a URL on a remote web server that contains the code...