7194 matches found
CVE-2006-0887
Eval injection vulnerability in sessions.inc in PHP Base Library PHPLib before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this...
CVE-2006-0891
CVE-2006-0891 affects NOCC Webmail 1.0. The vulnerability arises from multiple directory traversal flaws that allow remote attackers to include arbitrary files by manipulating dot-dot sequences and a trailing NULL byte in (1) html/footer.php via _SESSION['nocc_theme'], and (2) lang and (3) theme ...
Code injection
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php...
CVE-2006-0852
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php...
NOCC 1.0 - 'filter_prefs.php?html_filter_select' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject arbitrary PHP code and execute it ...
NOCC 1.0 - error.php?html_error_occurred Cross-Site Scripting
NOCC 1.0 - error.php?htmlerroroccurred Cross-Site Scripting source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can explo...
NOCC 1.0 - no_mail.php?html_no_mail Cross-Site Scripting
NOCC 1.0 - nomail.php?htmlnomail Cross-Site Scripting source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit the...
NOCC 1.0 - filter_prefs.php?html_filter_select Cross-Site Scripting
NOCC 1.0 - filterprefs.php?htmlfilterselect Cross-Site Scripting source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can...
NOCC 1.0 - 'html_bottom_table.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject arbitrary PHP code and execute it ...
NOCC 1.0 - 'no_mail.php?html_no_mail' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject arbitrary PHP code and execute it ...
Noah's Classifieds 1.0/1.3 - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/16780/info Noah's Classifieds is prone to a remote file-include vulnerability. An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the...
Noahs Classifieds 1.01.3 - index.php Remote File Inclusion
Noahs Classifieds 1.01.3 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/16780/info Noah's Classifieds is prone to a remote file-include vulnerability. An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the webserver process...
EV0072.txt
New eVuln Advisory: Magic News Lite PHP Code Execution & Unauthorized Data Modification http://evuln.com/vulns/72/summary.html --------------------Summary---------------- eVuln ID: EV0072 CVE: CVE-2006-0723 CVE-2006-0724 Vendor: Reamday Enterprises Vendor's Web Site: http://reamdaysoft.com...
CVE-2006-0831
PHP remote file include vulnerability in index.php in Tasarim Rehberi allows remote attackers to execute arbitrary PHP code via a URL in the 1 sayfaadi or 2 sayfa parameter. NOTE: this might be a site-specific issue. If so, it should not be included in CVE...
CVE-2006-0810
Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection...
CVE-2006-0810
Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection...
coppermine -- File Inclusion Vulnerabilities
Secunia reports: Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious people and by malicious users to compromise a vulnerable system. 1 Input passed to the "lang" parameter in include/init.inc.php isn't properly verified, before it is used to include files. This can...
Sql injection
Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via 1 the contactgroupid parameter in addressbook.update.php, 2 the messageid parameter in addressbook.add.php, 3 the folderid parameter in folders.update.php, and possibly...
CVE-2006-0757
Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via 1 the contactgroupid parameter in addressbook.update.php, 2 the messageid parameter in addressbook.add.php, 3 the folderid parameter in folders.update.php, and possibly...
CVE-2006-0757
CVE-2006-0757 describes multiple PHP eval-injection vulnerabilities in HiveMail 1.3 and earlier, allowing remote attackers to execute arbitrary PHP code via various parameters (e.g., contactgroupid in addressbook.update.php, messageid in addressbook.add.php, folderid in folders.update.php, and ot...