CVE-2005-4171

The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP...

CVE-2005-4087

PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management SugarCRM 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter...

CVE-2005-4031

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...

CVE-2005-4031

MediaWiki 1.5.x is affected by an Eval injection vulnerability before 1.5.3 that allows remote attackers to execute arbitrary PHP code via the user language option, which is used to form a dynamic class name processed by eval. Root cause: improper handling of user-supplied language selection lead...

CVE-2005-4031

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...

CVE-2005-4031

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...

CVE-2004-2631

Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name...

DoceboLMS <= 2.0.4 connector.php Shell Upload Exploit

No description provided by source. ?php ---docebo204xpl.php 15.38 04/12/2005 DoceboLMS AKA SpaghettiLearning= 2.0.4 connector.php Shell Upload coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "This is called, using the conquered...

CVE-2005-3968

SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter...

CVE-2005-3859

PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter...

PHP Doc System 1.5.1 - Local File Inclusion

PHP Doc System 1.5.1 - Local File Inclusion source: https://www.securityfocus.com/bid/15611/info PHP Doc System is prone to a local file-include vulnerability. This is due to the application's failure to properly sanitize user-supplied input. This may facilitate the unauthorized viewing of files...

PHP Doc System 1.5.1 - Local File Inclusion

source: https://www.securityfocus.com/bid/15611/info PHP Doc System is prone to a local file-include vulnerability. This is due to the application's failure to properly sanitize user-supplied input. This may facilitate the unauthorized viewing of files and unauthorized execution of local PHP code...

Remote file include in Athena

Language: PHP Script: Athena Version: 0.1a Official website: http://sourceforge.net/projects/athena Problem: Remote file inclusion Discovered by: beford & GB Description: =========== A simple website management system written in oo php that uses a mysql database to store user and group rights and...

CVE-2005-3820

Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. dot dot and null byte "%00" sequences in the 1 module parameter and 2 action parameter in the Leads...

CVE-2005-3820

Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. dot dot and null byte "%00" sequences in the 1 module parameter and 2 action parameter in the Leads...

Q-News 2.0 - Remote File Inclusion

source: https://www.securityfocus.com/bid/15576/info Q-News is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer...

CVE-2005-3796

Direct static code injection vulnerability in adminoptionsmanage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is not clear from the original report whether administrator privileges are required. If not, then this doe...

[SA17693] vtiger CRM Multiple Vulnerabilities

TITLE: vtiger CRM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA17693 VERIFY ADVISORY: http://secunia.com/advisories/17693/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access WHERE: From remote SOFTWARE...

Torrential 1.2 - Getdox.php Directory Traversal

Torrential 1.2 - Getdox.php Directory Traversal source: https://www.securityfocus.com/bid/15530/info Torrential is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. An attacker can exploit this issue to retrieve arbitrary remote PHP...

CVE-2002-2134

haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP code by modifying the dirroot parameter to reference a URL on a remote web server that contains the code in a lang.php file...