CVE-2007-2148

Direct static code injection vulnerability in admin/save.php in Stephen Craton aka WiredPHP Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed...

CVE-2007-2148

CVE-2007-2148 affects Stephen Craton (WiredPHP) Chatness 2.5.3 and earlier, with a vulnerability in admin/save.php. The issue allows remote authenticated administrators to inject PHP code into .html files via the html parameter; the injected code is then executed when index.php is requested (demo...

EUVD-2007-2151

Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to 1 datumVonDatumBis.inc.php, 2 footer.inc.php, 3 header.inc.php, and 4 stylesheets.php in templates/; and 5 wochenuebersicht.inc.php, 6...

LS simple guestbook (v1) Remote Code Execution Vulnerability

Special Greetings To - Timq,Warpboy,The-Maggot File: index.php Affects: LS simple guestbook v1 Date: 15th April 2007 Issue Description: =========================================================================== LS simple guestbook fails to sanitize user input that it writes to the posts.txt file...

Tosmo Mambo <= 4.0.12 (absolute_path) Multiple RFI Vulnerabilities

======================================================= Tosmo Mambo = 4.0.12 absolutepath Multiple RFI Vulnerabilities ======================================================= Found By : Cold z3ro , [email protected] ======================================================= Homepage:...

Code injection

Direct static code injection vulnerability in index.php in Limesoft Guestbook LS Simple Guestbook allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2007-2092

Direct static code injection vulnerability in index.php in Limesoft Guestbook LS Simple Guestbook allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

Code injection

Direct static code injection vulnerability in index.php in Limesoft Guestbook LS Simple Guestbook 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in my little forum 1.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to 1 admin.php and 2 timedifference.php...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter to comarticles.php in 1 components/ or 2 classes/html/...

CVE-2007-2084

PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the authmethod parameter to 1 index.php, 2 list.php, 3 postreview.php, 4 reindex.php, 5 sections.php, 6 templates.php, 7 userinfo.php, 8 users.php, and 9 view.php...

CVE-2007-2095

PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the myroot parameter, a different vector than CVE-2007-0498...

CVE-2007-2088

Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 writerFile parameter to index.php and the 2 file parameter to Integrator.php...

CVE-2007-2084

PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the authmethod parameter to 1 index.php, 2 list.php, 3 postreview.php, 4 reindex.php, 5 sections.php, 6 templates.php, 7 userinfo.php, 8 users.php, and 9 view.php...

CVE-2007-2092

Direct static code injection vulnerability in index.php in Limesoft Guestbook LS Simple Guestbook allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2007-2089

The CVE-2007-2089 entry covers multiple PHP remote file inclusion (RFI) vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo/Joomla!. The underlying issue is unsafe handling of the absolute_path parameter to com_articles.php, in either components/ or classes/html/, al...

CVE-2007-2082

Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this...

CVE-2007-2082

Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this...

ShoutPro <= 1.5.2 (shout.php) Remote Code Injection Exploit

Exploit for unknown platform in category web applications =========================================================== ShoutPro ?php echo "...

ls-exec.txt

Special Greetings To - Timq,Warpboy,The-Maggot File: index.php Affects: LS simple guestbook v1 Date: 15th April 2007 Issue Description: =========================================================================== LS simple guestbook fails to sanitize user input that it writes to the posts.txt file...