7194 matches found
CVE-2006-0214
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the dbid parameter to visitorupload.php, as demonstrated using phpinfo and include function calls...
CVE-2006-0206
Eval injection vulnerability in Light Weight Calendar LWC 1.0 20040909 and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php...
SQL injection
Eval injection vulnerability in Light Weight Calendar LWC 1.0 20040909 and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php...
[eVuln] ACal Authentication Bypass & PHP Code Insertion
New eVuln Advisory: ACal Authentication Bypass & PHP Code Insertion --------------------Summary---------------- Software: ACal Software's Web Site: http://acalproj.sourceforge.net/ Versions: 2.2.5 Critical Level: Dangerous Type: PHP Code Execution Class: Remote Status: Unpatched Exploit: Availabl...
CVE-2006-0183
Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from th...
Code injection
Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from th...
[SA18432] ACal "ACalAuthenticate" Authentication Bypass Vulnerability
TITLE: ACal "ACalAuthenticate" Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA18432 VERIFY ADVISORY: http://secunia.com/advisories/18432/ CRITICAL: Highly critical IMPACT: Security Bypass, System access WHERE: From remote SOFTWARE: ACal 2.x http://secunia.com/product/3884/ DESCRIPTION...
Code injection
phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable...
CVE-2006-0164
phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable...
Directory traversal
addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory...
CVE-2006-0169
addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory...
Code injection
The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function...
AppServ Open Project 2.4.5 - Remote File Inclusion
source: https://www.securityfocus.com/bid/16166/info AppServ Open Project is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an...
AppServ Open Project 2.4.5 - Remote File Inclusion
AppServ Open Project 2.4.5 - Remote File Inclusion source: https://www.securityfocus.com/bid/16166/info AppServ Open Project is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this...
EV0019.txt
New eVuln Advisory: NavBoard BBcode XSS Vulnerability --------------------Summary---------------- Vendor: NavBoard Vendor's Web Site: http://navarone.f2o.org/ Software: NavBoard Software's Web Site: http://sourceforge.net/projects/navboard/ Versions: checked: V16 Stable2.6.0 and V17beta2 Critical...
CVE-2006-0094
PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the incstat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
CVE-2006-0076
PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter...
Night cat article system Version 2.1.0 cross site & injection vulnerability
This article was published in thehack the x-Files, 2006, first issue. Cross-site vulnerability: the Night cat article system's code base is not very large, so we will start from the basics. Open the registration page register.php and look at the following code: if $POSTaction ==...
EV0006.txt
New eVuln Advisory: phpBook PHP Code Execution --------------------Summary---------------- Software: phpBook http://sourceforge.net/projects/phpbook/ Versions: 1.3.2 and earlier Critical Level: Dangerous Type: PHP Code Execution Class: Remote Status: Unpatched Exploit: Available Solution: Not...