CVE-2006-1252
Eval injection vulnerability in cal.php in Light Weight Calendar LWC 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php...
Sql injection
Eval injection vulnerability in cal.php in Light Weight Calendar LWC 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php...
CVE-2006-1252
CVE-2006-1252 affects Light Weight Calendar (LWC) 1.0, where an eval injection in cal.php allows remote attackers to execute arbitrary PHP code via the date parameter to index.php. This is a remote code execution vulnerability with CVSSv2 base score 7.5 (HIGH) and network attack vector with no au...
PHP iCalendar publish.ical.php Arbitrary File Upload
The remote host appears to be running PHP iCalendar, a web-based iCal file viewer / parser written in PHP. The installed version of PHP iCalendar supports iCal publishing but does not properly restrict the types of files uploaded and places them in a web-accessible directory. An unauthenticated...
Code injection
Direct static code injection vulnerability in addlink.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the urlname parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement...
CVE-2006-1208
Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory...
Directory traversal
Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory...
CVE-2006-1200
Direct static code injection vulnerability in addlink.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the urlname parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement...
CVE-2006-1200
CVE-2006-1200 describes a direct static code injection in the add_link.txt component of the daverave Link Bank, where the url_name parameter is stored in links.txt without sanitization and later used in an include statement. This enables remote attackers to execute arbitrary PHP code and potentia...
EV0089.txt
New eVuln Advisory: FreeForum PHP Code Execution & Multiple XSS Vulnerabilities http://evuln.com/vulns/89/summary.html --------------------Summary---------------- eVuln ID: EV0089 CVE: CVE-2006-0957 CVE-2006-0958 Vendor: ZoneO-Soft Vendor's Web Site: http://soft.zoneo.net/ Software: FreeForum...
Design/Logic Flaw
PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1099
PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1087
Direct static code injection vulnerability in the modifyconfig action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the optionnewcompatibilitymode parameter, which is not filtered before being stored in config.php. NOTE...
CVE-2006-1085
admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the optionadminpass parameter and setting the passcookie to the MD5 hash of the specified password...
[SA19165] Nodez "op" File Inclusion and Cross-Site Scripting
TITLE: Nodez "op" File Inclusion and Cross-Site Scripting SECUNIA ADVISORY ID: SA19165 VERIFY ADVISORY: http://secunia.com/advisories/19165/ CRITICAL: Highly critical IMPACT: Cross Site Scripting, System access WHERE: From remote SOFTWARE: Nodez 4.x http://secunia.com/product/8640/ DESCRIPTION:...
EV0087.txt
New eVuln Advisory: ShoutLIVE PHP Code Execution & Multiple XSS Vulnerabilities http://evuln.com/vulns/87/summary.html --------------------Summary---------------- eVuln ID: EV0087 CVE: CVE-2006-0940 CVE-2006-0941 Software: ShoutLIVE Software's Web Site:...