7193 matches found
Flyspray Multiple Vulnerabilities
Belchior Foundry VCard 2.9 - Remote File Inclusion
source: https://www.securityfocus.com/bid/15207/info vCard is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute...
phpMyAdmin < 2.6.4-pl3 Multiple Vulnerabilities
The version of phpMyAdmin installed on the remote host is affected by a local file inclusion vulnerability that can be exploited by an unauthenticated attacker to read arbitrary files, and possibly even to execute arbitrary PHP code on the affected host subject to the permissions of the web serve...
Mantis Bug Tracker 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion
source: https://www.securityfocus.com/bid/15212/info Mantis is prone to a remote and local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote and local PHP code on a...
CVE-2005-3304
Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the WebLinks module...
CVE-2005-3153
login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a differe...
Debian DSA-840-1 : drupal - missing input sanitising
Stefan Esser of the Hardened-PHP Project reported a serious vulnerability in the third-party XML-RPC library included with some Drupal versions. An attacker could execute arbitrary PHP code on a target site. This update pulls in the latest XML-RPC version from upstream.
Debian DSA-842-1 : egroupware - missing input sanitising
Stefan Esser discovered a vulnerability in the XML-RPC libraries which are also present in egroupware, a web-based groupware suite, that allows injection of arbitrary PHP code into eval statements.
SQL injection and PHP code execution
Wolfgang Ziegler has discovered multiple security vulnerabilities in the contributed flexinode module. Versions affected Please check the CVS $Id$ fields in the following files to determine whether the version of the flexinode module you are running is vulnerable. All versions older than the...
MolyX vulnerability analysis-vulnerability warning-the black bar safety net
Text/SuperHei·Safety AngelS4T 2005.09.21 Preamble: MolyX Board (hereinafter referred to as MXB) is a PHP forum program developed by the MolyX Studios group, which appears to be the CNVBB team. MXB merges features of many forums and is powerful. The experience of finishing and improving forum programs over many years also makes the...
PunBB < 1.2.8 Multiple Vulnerabilities
According to its banner, the version of PunBB installed on the remote host suffers from several flaws. - A File Include Vulnerability The application fails to validate the 'language' parameter when a user updates his profile and uses that throughout the application to require PHP code in order to...
CVE-2005-3010
CVE-2005-3010 affects CuteNews (version 1.4.0 and earlier). A direct static code injection vulnerability in the flood protection feature (inc/shows.inc.php) allows a remote attacker to inject and execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flo...
CuteNews flood.db.php HTTP Header PHP Code Injection
CVE-2005-2893
Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via the username (u) parameter, which is directly injected into a file that is later executed upon login...
CVE-2005-2893
CVE-2005-2893 affects PBLang 4.65 (and possibly earlier). The vulnerability is a direct static code injection in setcookie.php where the username parameter (u) is directly injected into a file that is later executed upon login, enabling remote code execution. The available sources identify the vu...
AMember Multiple Script config[root_dir] Parameter Remote File Inclusion
The remote host appears to be running AMember, a commercial membership and subscription management script written in PHP. The version of AMember installed on the remote host fails to properly sanitize user-supplied input to the 'config[root_dir]' parameter before using it in several scripts to inclu...
CVE-2005-2775
phpapi.php in phpWebNotes 2.0.0 uses the extract function to modify key variables such as $tpathcore, which leads to a PHP file inclusion vulnerability that allows remote attackers to execute arbitrary PHP code via the tpathcore parameter...
CVE-2005-2781
The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code...