CVE-2008-5949

Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cctbase parameter to 1 index.php; 2 handle/proxy.php; 3 header.php, 4 include.php, and 5 workspace.php in includes/; and 6 plugins/RSS/files/rss.php...

CVE-2008-5963

Gravity GTD (Getting Things Done) up to version 0.4.5 is affected by an eval-injection vulnerability in library/setup/rpc.php that allows remote attackers to execute arbitrary PHP code via the objectname parameter. This CVE (CVE-2008-5963) is rated high by NVD (base score 10.0) with network attac...

Code injection

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these...

CVE-2009-0251

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these...

CVE-2009-0251

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these...

CVE-2009-0251

Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these...

CVE-2009-0251

CVE-2009-0251 affects Ryneezy phoSheezy 0.2: static code injection in admin.php allows remote authenticated admins to inject PHP into config/footer via the footer parameter. NOTE: exploitation can be chained via CVE-2009-0250, which may enable unauthenticated access to sensitive config data. The ...

KTorrent PHP Code Injection And Security Bypass Vulnerability

KTorrent is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2008-5920

The createanchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the pregreplace function with the eval switch...

CVE-2008-5920

The createanchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the pregreplace function with the eval switch...

roundcube -- webmail script insertion and php code injection

Secunia reports: Some vulnerabilities have been reported in RoundCube Webmail, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct script insertion attacks and compromise a vulnerable system. The HTML "background" attribute within e.g. HT...

phpList <= 2.10.8 Variable Overwriting

The version of phpList installed on the remote host emulates PHP's 'registerglobals' functionaltiy' insecurely in its 'admin/index.php' script. Provided PHP's 'registerglobals' setting is disabled, an unauthenticated attacker can exploit this issue to overwrite the 'SERVERConfigFile' and...

MKPortal 1.2.1 XSS / SQL Injection / File Upload

waraxe-2009-SA070 - Multiple Vulnerabilities in MKPortal = 1.2.1 ============================================================================== Author: Janek Vind "waraxe" Date: 15. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-70.html Description of vulnerable software...

CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

CVE-2008-5906

KTorrent’s web interface plugin is affected by CVE-2008-5906 (and CVE-2008-5905). The vulnerability arises from improper handling of web-interface request parameters, enabling remote attackers to inject PHP code and, per Gentoo/Ubuntu advisories, potentially perform arbitrary code execution in th...

CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

MKPortal <= 1.2.1 () Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ==================================================== MKPortal = 1.2.1 Multiple Remote Vulnerabilities ==================================================== waraxe-2009-SA070 - Multiple Vulnerabilities in MKPortal = 1.2.1...

GNUBoard 4.31.03 (08.12.29) - Local File Inclusion

GNUBoard V4.31.03 08.12.29 Local/Remote File Include Vulnerability BY flyh4thotmail.com Thx to qiuren/rayt TEAM:Wolves Security Team SITE:http://bbs.wolvez.org/ / SIR GNUBoard VERSION 4.31.03 08.12.29is a widely used bulletin board system of Korea. It is freely available for all platforms that...