Security Advisory - phpBB 2.0.15 PHP-code injection bug
Security Advisory - phpBB 2.0.15 PHP-code injection bug Program: phpBB 2.0.15 and older versions Homepage: http://www.phpbb.com Risk: Very High Date: June 28 2005 Title: PHP-code injection bug Type: partial disclosure Author: Ron van Daal Vendor notified: June 23 2005 Background: phpBB is a...
Re: [Full-disclosure] Security Advisory - phpBB 2.0.15 PHP-code injection bug
On 28 Jun '05, at 14:47, ronvdaal wrote: Proof of concept: http://some.forum/viewtopic.php?p=postnum&highlight='.dieomghax.' Uh, whoops. Another suggested solution: Remove the highlight handling code in viewtopic.php or replace it with something that does not use the /e flag to preg_replace. As it...
pear-XML_RPC -- arbitrary remote code execution
GulfTech Security Research Team reports: PEAR XML_RPC is vulnerable to a very high risk PHP code injection vulnerability due to unsanitized data being passed into an eval call...
CVE-2005-1876
Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template .tpl file...
Fusionphp Fusion News 3.3/3.6 - X-Forwarded-For PHP Script Code Injection
source: https://www.securityfocus.com/bid/13661/info FusionPHP Fusion News is prone to a remote PHP code injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. This may facilitate unauthorized access. ? $copyr = " !!! PRIVATE !!! PRIVA...
ZeroBoard Worm Source Code
No description provided by source. / The worm exploits a vulnerability in ZeroBoard, allowing an attacker to inject arbitrary PHP code. /str0ke / / ZeroBoard -1day INE w0rm / include stdio.h include unistd.h include stdlib.h include sys/socket.h include netdb.h include netinet/in.h include signal...
GrayCMS php code injection
Version: 1.1 Severity: High Vendor: http://gcms.graymur.net/ Vulnerable code is in "code/error.php": ----begin---- ... if (!isset($page)) $page = ''; if (!isset($pathprefix)) $pathprefix = '../'; if (empty($main)) require $pathprefix.'code/main.dat'; if (isset($e404) or isset($_GET['e404'])) ... if (isset($e403) or...
PHP mcNews arbitrary file inclusion
BadRoot Security Advisory 2005-0x01 Thu Mar 17 2005 - 00:46 am GMT +1 Product: mcNews =1.3 successfully exploited on 1.3 Vendor: http://www.phpforums.net/index.php?dir=dld Home Page Type: Arbitrary fil...
CVE-2005-0645
CVE-2005-0645 describes a cross-site scripting (XSS) vulnerability in CuteNews 1.3.6. The flaw allows an attacker to inject arbitrary HTML, web script, and PHP code via the CLIENT-IP or X-FORWARDED-FOR headers in an HTTP POST to show_news.php. Affected component is show.inc.php in CuteNews 1.3.6....
CVE-2005-0647
adminsetup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $formcomments or (2) $formautoapprove parameters, which are written to config.php...
vbulletin306.txt
Summary: vbulletin 3.0.6 and below php code injection Description =========== vBulletin is a powerful, scalable and fully customizable forums package for your web site. It has been written using the Web's quickest-growing scripting language; PHP, and is complemented with a highly efficient and...
vBulletin misc.php template Parameter PHP Code Injection
The remote version of vBulletin fails to sanitize input to the 'template' parameter of the 'misc.php' script. Provided the 'Add Template Name in HTML Comments' setting in vBulletin is enabled, an unauthenticated attacker may use this flaw to execute arbitrary PHP commands on the remote host...
[SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection
Summary: vbulletin 3.0.6 and below php code injection Description =========== vBulletin is a powerful, scalable and fully customizable forums package for your web site. It has been written using the Web's quickest-growing scripting language; PHP, and is complemented with a highly efficient and...
vBulletin 3.0.6 - PHP Code Injection
vBulletin 3.0.6 - PHP Code Injection Tested on vBulletin Version 3.0.1 /str0ke http://www.xxx.net/misc.php?do=page&template=$systemid SCAN Associates Security Advisory http://www.scan-associates.net Proof of concept ================ http://site.com/misc.php?do=page&template=$phpinfo milw0rm.com...
vBulletin <= 3.0.6 php Code Injection Vulnerability
No description provided by source. Tested on vBulletin Version 3.0.1 /str0ke http://www.xxx.net/misc.php?do=page&template=$systemid SCAN Associates Security Advisory http://www.scan-associates.net Proof of concept ================ http://site.com/misc.php?do=page&template=$phpinfo...
vBulletin <= 3.0.6 php Code Injection
Exploit for unknown platform in category web applications ===================================== vBulletin = 3.0.6 php Code Injection ===================================== Tested on vBulletin Version 3.0.1 /str0ke http://www.xxx.net/misc.php?do=page&template=$systemid SCAN Associates Security...
[Full-Disclosure] : [SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection
Summary: vbulletin 3.0.6 and below php code injection Description =========== vBulletin is a powerful, scalable and fully customizable forums package for your web site. It has been written using the Web's quickest-growing scripting language; PHP, and is complemented with a highly efficient and...
vBulletin 3.0.6 - PHP Code Injection
Tested on vBulletin Version 3.0.1 /str0ke http://www.xxx.net/misc.php?do=page&template=$systemid SCAN Associates Security Advisory http://www.scan-associates.net Proof of concept ================ http://site.com/misc.php?do=page&template=$phpinfo milw0rm.com 2005-02-22...
CVE-2004-2157
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field...
CVE-2004-2138
Cross-site scripting (XSS) vulnerability in AWSguest.php in AllWebScripts MySQLGuest allows remote attackers to inject arbitrary HTML and PHP code via the (1) Name, (2) Email, (3) Homepage or (4) Comments field...