Code injection
plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 aka Strawberry allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression...
LokiCMS 0.3.4 - writeconfig() Remote Command Execution
LokiCMS 0.3.4 - writeconfig Remote Command Execution Author: GiReX Homepage: http://girex.altervista.org CMS: LokiCMS 0.3.4 URL: http://www.lokicms.com/ Description: LokiCMS is still vulnerable to Remote Command Execution see: http://milw0rm.com/exploits/5408 The exploit changed because the vars...
LokiCMS 0.3.4 - 'writeconfig()' Remote Command Execution
Author: GiReX Homepage: http://girex.altervista.org CMS: LokiCMS 0.3.4 URL: http://www.lokicms.com/ Description: LokiCMS is still vulnerable to Remote Command Execution see: http://milw0rm.com/exploits/5408 The exploit changed because the vars changed but the bugged function is the same:...
CVE-2008-4529
Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the ENVasicmspath parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, (6) FileStore.php, (7) HMAC.php, (8)...
Barcode Generator 2.0 - 'LSTable.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/31419/info Barcode Generator is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in...
Barcode Generator 2.0 - LSTable.php Remote File Inclusion
Barcode Generator 2.0 - LSTable.php Remote File Inclusion source: https://www.securityfocus.com/bid/31419/info Barcode Generator is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary...
PHP 5.2.6 - 'create_function()' Code Injection (1)
source: https://www.securityfocus.com/bid/31398/info PHP is prone to a code-injection weakness because it fails to sufficiently sanitize input to 'create_function()'. Note that the anonymous function returned need not be called for the supplied code to be executed. An attacker who can exploit this...
Gentoo Security Advisory GLSA 200503-35 (smarty)
The remote host is missing updates announced in advisory GLSA 200503-35. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200407-22 (dev-db/phpmyadmin)
The remote host is missing updates announced in advisory GLSA 200407-22. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200805-04 (egroupware)
The remote host is missing updates announced in advisory GLSA 200805-04. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200412-27 (PHProjekt)
The remote host is missing updates announced in advisory GLSA 200412-27. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200412-27 (PHProjekt)
The remote host is missing updates announced in advisory GLSA 200412-27. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200805-04 (egroupware)
The remote host is missing updates announced in advisory GLSA 200805-04. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Zen Cart products_id[] Array SQL Injection
The installed version of Zen Cart does not validate user-supplied input to the 'products_id' parameter array of the 'index.php' script when 'action' is set to 'multipleproductsaddproduct' before using the keys in a database query in the 'incartmixed' function in 'includes/classes/shoppingcart.php'...
Moodle 'lib/kses.php' 'kses_bad_protocol_once' Function Arbitrary PHP Code Execution
The version of Moodle on the remote host includes a version of the KSES HTML filtering library that does not safely call 'preg_replace' in the function 'kses_bad_protocol_once' in 'lib/kses.php'. An unauthenticated, remote attacker can leverage this issue to inject arbitrary PHP code that will be...
FreeBSD Ports: phpbb
The remote host is missing an update to the system as announced in the referenced advisory. VID e3cf89f0-53da-11d9-92b7-ceadd4ac2edd OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
CVE-2008-3769
PHP remote file inclusion vulnerability in admin/createordernew.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includepage parameter...
Sql injection
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php...
CVE-2008-3764
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php...
CVE-2008-3721
PHP remote file inclusion vulnerability in userlanguage.php in DeeEmm CMS DMCMS 0.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the languagedir parameter...