Code injection

Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in 1 wp-content/cache/userlogins/ 2...

CVE-2006-2667

Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in 1 wp-content/cache/userlogins/ 2...

CVE-2006-2667

Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in 1 wp-content/cache/userlogins/ 2...

ipb search.php vulnerability analysis and thinking-vulnerability warning-the black bar safety net

Author: SuperHeiAtph4nt0m.org Blog: http://superhei.blogbus.com/ Team: http://www.ph4nt0m.org Data: 2006-04-27 Simple analysis The vulnerability is another one of pregreplace+/e vulnerability,代码 在 \sources\actionadmin\search.php line 1 2 5 8-1 2 6 a 2: if $this-ipsclass-input'lastdate' $this-outp...

UBB.threads addpost_newpoll.php thispath Parameter Remote File Inclusion

The version of UBB.threads installed on the remote host fails to sanitize input to the 'thispath' parameter before using it in a PHP include function in the 'addpostnewpoll.php' script. Provided PHP's 'registerglobals' setting is enabled, an unauthenticated attacker may be able to exploit this fl...

CVE-2006-2608

artmedic newsletter 4.1 and possibly other versions, when registerglobals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an...

CVE-2006-2609

artmedic newsletter 4.1.2 and possibly other versions, when registerglobals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletterlog.php. NOTE: the provenance of this information is unknown; the details are obtained sole...

Information disclosure

artmedic newsletter 4.1.2 and possibly other versions, when registerglobals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletterlog.php. NOTE: the provenance of this information is unknown; the details are obtained sole...

CVE-2006-2608

artmedic newsletter 4.1 and possibly other versions, when registerglobals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an...

DoceboLms 2.0.x - Lang Multiple Remote File Inclusions

DoceboLms 2.0.x - Lang Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/18110/info DoceboLMS is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit...

Drupal-4.7.txt

!/usr/bin/php -q -d shortopentag=on '; / then: http://target/path/files/attach.php.pps?cmd=ls%20-la also, I noticed that from an admin account you can upload .php3 or .php5 files / if $argc6 echo "Usage: php ".$argv0." host path user pass cmd OPTIONS\r\n"; echo "host: target server...

Design/Logic Flaw

Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...

CVE-2006-2592

Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...

CVE-2006-2592

The CVE-2006-2592 entry concerns DSChat 1.0, where a vulnerability in the Nickname field allows remote attackers to execute arbitrary PHP code because the field is not sanitized before creating a file in a user directory. The public record includes a CVSS v2 base score of 7.5 (HIGH) with Network ...

Nucleus CMS PLUGINADMIN.php DIR_LIBS Parameter Remote File Inclusion

The remote host is running Nucleus CMS, an open source content management system. The version of Nucleus CMS installed on the remote host fails to sanitize input to the 'DIRLIBS' parameter before using it in a PHP include function in the 'nucleus/libs/PLUGINADMIN.php' script. Provided PHP's...

Remote file inclusion

PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS"CLPath" parameter to 1 reconfig.php and 2 srxclr.php. NOTE: this might be due to a globals overwrite issue...

CVE-2006-2570

PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS"CLPath" parameter to 1 reconfig.php and 2 srxclr.php. NOTE: this might be due to a globals overwrite issue...

CVE-2006-2578

admin/cron.php in eSyndicat Directory 1.2, when registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the pathtoconfig parameter...

CVE-2006-2570

PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS"CLPath" parameter to 1 reconfig.php and 2 srxclr.php. NOTE: this might be due to a globals overwrite issue...

newsletter.txt

I found a bug in artmedic Newsletter 4.1 proably even in newer versions which lets an attacker run arbitrary php-code and bypass the password protection. The reason for this is mistake in design. log.php: Usually the log.php is included and $logfile,$logtime and $email are declared in the parent...