Lucene search

2271 matches found

NVD
added 2006/03/31 11:6 a.m., 15 views

CVE-2006-1563

Direct static code injection vulnerability in config.php in vscripts aka Kuba Kunkiewicz VBook aka VBook 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included by other VBook scripts...

7.6 CVSS, 7.8 AI score, 0.00667 EPSS
Exploits: 0, References: 6

exploitpack
added 2006/03/24 12:0 a.m., 12 views

VihorDesign - index.php Remote File Inclusion

VihorDesign - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/17227/info VihorDesign is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include...

0.3 AI score
Exploits: 0

Exploit DB
added 2006/03/24 12:0 a.m., 23 views

VihorDesign - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17227/info VihorDesign is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious...

7.4 AI score
Exploits: 0

NVD
added 2006/03/19 1:2 a.m., 22 views

CVE-2006-1252

Eval injection vulnerability in cal.php in Light Weight Calendar LWC 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php...

7.5 CVSS, 7.8 AI score, 0.05789 EPSS
Exploits: 1, References: 3

Prion
added 2006/03/19 1:2 a.m., 17 views

Sql injection

Eval injection vulnerability in cal.php in Light Weight Calendar LWC 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php...

7.5 CVSS, 8.4 AI score, 0.05789 EPSS
Exploits: 1, References: 3, Affected Software: 1

Tenable Nessus
added 2006/03/17 12:0 a.m., 39 views

PHP iCalendar publish.ical.php Arbitrary File Upload

The remote host appears to be running PHP iCalendar, a web-based iCal file viewer / parser written in PHP. The installed version of PHP iCalendar supports iCal publishing but does not properly restrict the types of files uploaded and places them in a web-accessible directory. An unauthenticated...

7.5 CVSS, 6 AI score, 0.05232 EPSS
Exploits: 1, References: 2

Prion
added 2006/03/14 1:6 a.m., 15 views

Code injection

Direct static code injection vulnerability in addlink.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the urlname parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement...

7.5 CVSS, 8.1 AI score, 0.01414 EPSS
Exploits: 1, References: 6

NVD
added 2006/03/14 1:6 a.m., 17 views

CVE-2006-1200

Direct static code injection vulnerability in addlink.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the urlname parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement...

7.5 CVSS, 7.6 AI score, 0.01414 EPSS
Exploits: 1, References: 6

Cvelist
added 2006/03/14 1:0 a.m., 21 views

CVE-2006-1200

Direct static code injection vulnerability in addlink.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the urlname parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement...

7.6 AI score, 0.01414 EPSS
Exploits: 1, References: 6

CVE
added 2006/03/14 1:0 a.m., 38 views

CVE-2006-1200

CVE-2006-1200 describes a direct static code injection in the add_link.txt component of the daverave Link Bank, where the url_name parameter is stored in links.txt without sanitization and later used in an include statement. This enables remote attackers to execute arbitrary PHP code and potentia...

7.5 CVSS, 7.6 AI score, 0.01414 EPSS
Exploits: 1, References: 6, Affected Software: 1

securityvulns
added 2006/03/09 12:0 a.m., 25 views

[SA19165] Nodez "op" File Inclusion and Cross-Site Scripting

TITLE: Nodez "op" File Inclusion and Cross-Site Scripting SECUNIA ADVISORY ID: SA19165 VERIFY ADVISORY: http://secunia.com/advisories/19165/ CRITICAL: Highly critical IMPACT: Cross Site Scripting, System access WHERE: From remote SOFTWARE: Nodez 4.x http://secunia.com/product/8640/ DESCRIPTION:...

0.4 AI score
Exploits: 0

Exploit DB
added 2006/03/06 12:0 a.m., 22 views

PHORUM 3.x/5.x - 'Common.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/16977/info The PHORUM application is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containin...

7.4 AI score
Exploits: 0

exploitpack
added 2006/03/02 12:0 a.m., 11 views

LogIT 1.31.4 - Remote File Inclusion

LogIT 1.31.4 - Remote File Inclusion source: https://www.securityfocus.com/bid/16932/info LogIT is prone to a remote file-include vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input. Attackers may specify remotely hosted script files to be execut...

7.5 AI score
Exploits: 0

Exploit DB
added 2006/03/02 12:0 a.m., 27 views

LogIT 1.3/1.4 - Remote File Inclusion

source: https://www.securityfocus.com/bid/16932/info LogIT is prone to a remote file-include vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input. Attackers may specify remotely hosted script files to be executed in the context of the webserver...

7.4 AI score
Exploits: 0

Prion
added 2006/03/01 2:2 a.m., 14 views

Code injection

Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php...

7.5 CVSS, 8.4 AI score, 0.12698 EPSS
Exploits: 1, References: 8, Affected Software: 1

Exploit DB
added 2006/02/27 12:0 a.m., 31 views

MySQL 5.0.18 - Query Logging Bypass

source: https://www.securityfocus.com/bid/16850/info MySQL is prone to a query-logging-bypass vulnerability. This issue is due to a discrepancy between the handling of NULL bytes in the 'mysql_real_query' function and in the query-logging functionality. This issue allows attackers to bypass the...

7.4 AI score
Exploits: 0

NVD
added 2006/02/25 11:2 a.m., 15 views

CVE-2006-0891

Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing NULL (%00) byte in (1) the SESSION'nocctheme' parameter in a html/footer.php; and (2) the lang and (3) theme parameters and the (4) Accept-Language HTTP...

5 CVSS, 7.2 AI score, 0.0868 EPSS
Exploits: 1, References: 10

NVD
added 2006/02/23 2:6 a.m., 19 views

CVE-2006-0852

Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php...

7.5 CVSS, 7.8 AI score, 0.08859 EPSS
Exploits: 0, References: 5

exploitpack
added 2006/02/23 12:0 a.m., 13 views

NOCC 1.0 - no_mail.php?html_no_mail Cross-Site Scripting

NOCC 1.0 - no_mail.php?html_no_mail Cross-Site Scripting source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit the...

6.8 AI score
Exploits: 0

Exploit DB
added 2006/02/23 12:0 a.m., 18 views

NOCC 1.0 - 'no_mail.php?html_no_mail' Cross-Site Scripting

source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject arbitrary PHP code and execute it ...

7.4 AI score
Exploits: 0