CuteNews Multiple Script cutepath Parameter Arbitrary Command Execution

The version of CuteNews installed on the remote host fails to sanitize input to the 'cutepath' parameter before using it in various scripts to include PHP code. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server...

PHP code injection in CuteNews

PHP source code injection in CuteNews Informations : =============================================== Script : CuteNews v0.88 Offical site : http://air.langame.net/ =============================================== PHP Scripts : =============================================== shownews.php :...

PHPGB 1.1/1.2 - PHP Code Injection

source: https://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the savesettings.php script. The...

PHPGB 1.11.2 - PHP Code Injection

PHPGB 1.11.2 - PHP Code Injection source: https://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the...

XGB 1.2 - Remote Form Field Input Validation

source: https://www.securityfocus.com/bid/4515/info xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. xGB does not sufficiently validate input that is supplied via form fields. An attacker may, under some...

Вставка PHP-кода в VikkiTikkiTavi (code execution)

Можифицировав URL можно запросить вставить в шаблон файл с другой машины...

vBulletin allows arbitrary code execution

OVERVIEW ======== vBulletin http://www.vbulletin.com is a commonly used web forum system written in PHP. One of its key features is use of templates, which allow the board administrator to dynamically modify the look of the board. vBulletin templates are parsed with the eval function. This could ...

Дырка в vBulletin (PHP code injection)

Можно вставить PHP-код в программу...

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...