
7194 matches found

Tenable Nessus
added 2006/05/13 12:0 a.m., 32 views

GLSA-200605-13 : MySQL: Information leakage

The remote host is affected by the vulnerability described in GLSA-200605-13 (MySQL: Information leakage). The processing of the COM_TABLE_DUMP command by a MySQL server fails to properly validate packets that arrive from the client via a network socket. Impact: By crafting specific malicious packets...

CVSS 5, AI score 6.1, EPSS 0.8233
Exploits 0, References 4

NVD
added 2006/05/12 12:2 a.m., 10 views

CVE-2006-2335

Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...

CVSS 6.5, AI score 7.1, EPSS 0.0137
Exploits 1, References 4

Prion
added 2006/05/12 12:2 a.m., 15 views

Code injection

Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...

CVSS 6.5, AI score 7.9, EPSS 0.0137
Exploits 1, References 4, Affected Software 1

Prion
added 2006/05/12 12:2 a.m., 16 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749...

CVSS 5.1, AI score 7.8, EPSS 0.11505
Exploits 1, References 10, Affected Software 1

EUVD
added 2006/05/12 12:0 a.m., 2 views

EUVD-2006-2331

PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, a...

CVSS 6.4, AI score 6.7, EPSS 0.11474
Exploits 1, References 8

Cvelist
added 2006/05/12 12:0 a.m., 12 views

CVE-2006-2335

Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...

AI score 7.1, EPSS 0.0137
Exploits 1, References 4

Cvelist
added 2006/05/12 12:0 a.m., 17 views

CVE-2006-2323

Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749...

AI score 7.5, EPSS 0.11505
Exploits 0, References 10

securityvulns
added 2006/05/11 12:0 a.m., 22 views

Hackmaster Group DMCounter Remote File Include

Script: DMCounter; Version: 0.9.2-b; Language: PHP; Problem: Remote File Include; Vendor: http://Www.HackMaster.Us; Discovered by: C-W-Mathackmasterdotus. Description: Statistics software based on PHP which does not require any database support but just uses flat files. Daily + monthly...

AI score 1.2
Exploits 0

Prion
added 2006/05/10 2:14 a.m., 20 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the (2) claroCasLibPath parameter in casProcess.inc.php...

CVSS 6.8, AI score 7.8, EPSS 0.10801
Exploits 1, References 8, Affected Software 2

Prion
added 2006/05/10 2:14 a.m., 12 views

Design/Logic Flaw

X-Scripts X-Poll xpoll 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it...

CVSS 7.5, AI score 8.2, EPSS 0.01494
Exploits 1, References 7, Affected Software 1

Cvelist
added 2006/05/09 11:0 p.m., 16 views

CVE-2006-2281

X-Scripts X-Poll xpoll 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it...

AI score 7.7, EPSS 0.01494
Exploits 1, References 7

Prion
added 2006/05/09 10:2 a.m., 15 views

Remote file inclusion

PHP remote file inclusion vulnerability in auction\auctioncommon.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...

CVSS 6.8, AI score 7.8, EPSS 0.09473
Exploits 0, References 6, Affected Software 1

Cvelist
added 2006/05/09 10:0 a.m., 21 views

CVE-2006-2261

PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

AI score 7.5, EPSS 0.16413
Exploits 1, References 6

Exploit DB
added 2006/05/09 12:0 a.m., 25 views

ISPConfig 2.2.2/2.2.3 - 'Session.INC.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17909/info ISPConfig is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...

AI score 7.4
Exploits 0

exploitpack
added 2006/05/09 12:0 a.m., 7 views

ISPConfig 2.2.2/2.2.3 - Session.INC.php Remote File Inclusion

source: https://www.securityfocus.com/bid/17909/info ISPConfig is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this iss...

AI score 7.5
Exploits 0

Packet Storm
added 2006/05/05 12:0 a.m., 19 views

x7chatphp.txt

!/usr/bin/php -q -d shortopentag=on works regardless of magicquotesgpc settings\r\n"; echo " if avatar uploads are enabled default\r\n"; echo "dork: intitle:"X7 Chat Help Center" | "Powered By X7 Chat"\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host:...

AI score 7.4
Exploits 0

Cvelist
added 2006/05/03 10:0 a.m., 16 views

CVE-2006-2149

PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIGpath parameter, as demonstrated by including a GIF that contains PHP code...

AI score 7.4, EPSS 0.10831
Exploits 0, References 6

exploitpack
added 2006/05/03 12:0 a.m., 17 views

Fast Click SQL Lite 1.1.2/1.1.3 - show.php Remote File Inclusion

source: https://www.securityfocus.com/bid/17819/info Fast Click SQL Lite is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can...

AI score 0.1
Exploits 0

Exploit DB
added 2006/05/03 12:0 a.m., 19 views

Fast Click SQL Lite 1.1.2/1.1.3 - 'show.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17819/info Fast Click SQL Lite is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...

AI score 7.4
Exploits 0

Prion
added 2006/05/02 10:2 a.m., 14 views

Remote file inclusion

PHP remote file inclusion vulnerability in master.php in OpenPHPNuke 2.3.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...

CVSS 7.5, AI score 8.1, EPSS 0.09178
Exploits 0, References 7, Affected Software 1