7194 matches found

Cvelist
added 2006/04/25 10:0 a.m., 12 views

CVE-2006-2002

PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirbase parameter...

7.5 AI score, 0.1528 EPSS
Exploits: 1, References: 7

securityvulns
added 2006/04/25 12:0 a.m., 34 views

[SA19749] built2go Movie Review "full_path" File Inclusion Vulnerability

TITLE: built2go Movie Review "full_path" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA19749 VERIFY ADVISORY: http://secunia.com/advisories/19749/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: built2go Movie Review 1.x http://secunia.com/product/9515/...

0.9 AI score
Exploits: 0

securityvulns
added 2006/04/24 12:0 a.m., 35 views

[Full-disclosure] Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability.

--Security Report-- Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 23/04/06 21:07 PM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: Clansys http://www.clansys.de.vu/ Versio...

0.7 AI score
Exploits: 0

seebug.org
added 2006/04/23 12:0 a.m., 55 views

Clansys <= v.1.1 (index.php page) PHP Code Insertion Vulnerability

No description provided by source. NukedX Security Advisory Nr 2006-29 ClanSys v1.1 index.php page PHP Code Insertion Vulnerability Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=29...

7.1 AI score
Exploits: 0

exploitpack
added 2006/04/23 12:0 a.m., 13 views

Clansys 1.1 - index.php PHP Code Insertion

Clansys 1.1 - index.php PHP Code Insertion NukedX Security Advisory Nr 2006-29 ClanSys v1.1 index.php page PHP Code Insertion Vulnerability Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory:...

Exploits: 0

Prion
added 2006/04/21 10:2 a.m., 12 views

Directory traversal

Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code...

5.5 CVSS, 7.6 AI score, 0.01196 EPSS
Exploits: 1, References: 8, Affected Software: 1

NVD
added 2006/04/21 10:2 a.m., 6 views

CVE-2006-1963

Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code...

5.5 CVSS, 7.1 AI score, 0.01196 EPSS
Exploits: 1, References: 8

NVD
added 2006/04/20 6:6 p.m., 12 views

CVE-2006-1929

PHP remote file inclusion vulnerability in include/common.php in I-Rater Platinum allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter...

5 CVSS, 7.4 AI score, 0.12296 EPSS
Exploits: 0, References: 6

Prion
added 2006/04/20 6:6 p.m., 13 views

Information disclosure

config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

7.5 CVSS, 7.1 AI score, 0.00763 EPSS
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2006/04/20 6:6 p.m., 14 views

CVE-2006-1922

PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote attackers to execute arbitrary PHP code via a URL in the incdir parameter...

6.4 CVSS, 7.3 AI score, 0.11677 EPSS
Exploits: 0, References: 7

Cvelist
added 2006/04/20 6:0 p.m., 13 views

CVE-2006-1910

config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

6.6 AI score, 0.00763 EPSS
Exploits: 1, References: 2

NVD
added 2006/04/20 10:2 a.m., 11 views

CVE-2006-1896

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 $themefontcolor3 variable and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clari...

6 CVSS, 7.1 AI score, 0.01319 EPSS
Exploits: 0, References: 8

Prion
added 2006/04/20 10:2 a.m., 14 views

Code injection

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 $themefontcolor3 variable and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clari...

6 CVSS, 7.3 AI score, 0.01319 EPSS
Exploits: 0, References: 8

UbuntuCve
added 2006/04/20 10:2 a.m., 14 views

CVE-2006-1896

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 $themefontcolor3 variable and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clari...

6 CVSS, 6.3 AI score, 0.01319 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2006/04/20 10:2 a.m., 20 views

CVE-2006-1895

Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose "." regular expression to match BEGIN and END statements in overallheader.tpl, or...

6.5 CVSS, 6 AI score, 0.00365 EPSS
Exploits: 1, References: 1

Cvelist
added 2006/04/20 10:0 a.m., 13 views

CVE-2006-1896

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 $themefontcolor3 variable and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clari...

7 AI score, 0.01319 EPSS
Exploits: 0, References: 8

CVE
added 2006/04/20 10:0 a.m., 41 views

CVE-2006-1895

The provided data confirms CVE-2006-1895 affecting phpBB: a direct static code injection in includes/template.php allows remote authenticated users with write access to execute arbitrary PHP by modifying templates. The root causes are (1) bypassing a loose regex intended to match BEGIN/END in ove...

6.5 CVSS, 7.5 AI score, 0.00365 EPSS
Exploits: 1, References: 4, Affected Software: 1

CVE
added 2006/04/20 10:0 a.m., 49 views

CVE-2006-1896

CVE-2006-1896 concerns a vulnerability in phpbb2 where admin users with access to the Admin Panel can cause arbitrary PHP code execution via the Font Colour 3 setting due to insufficient input sanitisation. Debian/DSA-1066-1 documents that the issue arises from how values are sanitised for Font C...

6 CVSS, 7 AI score, 0.01319 EPSS
Exploits: 0, References: 8, Affected Software: 1

securityvulns
added 2006/04/20 12:0 a.m., 37 views

[eVuln] N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities

New eVuln Advisory: N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities http://evuln.com/vulns/121/summary.html --------------------Summary---------------- eVuln ID: EV0121 CVE: CVE-2006-1657 CVE-2006-1658 Vendor: Chucky A. Ivey Software: N.T. Software's Web Site: http://www.v-gfx.net/...

7.5 CVSS, 1 AI score, 0.00725 EPSS
Exploits: 0

exploitpack
added 2006/04/20 12:0 a.m., 25 views

I-RATER Platinum - Common.php Remote File Inclusion

I-RATER Platinum - Common.php Remote File Inclusion source: https://www.securityfocus.com/bid/17623/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue...

0.1 AI score
Exploits: 0