2271 matches found

Cvelist | added 2005/12/06 11:0 a.m. | 26 views

CVE-2005-4031

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...

AI score: 7.6 | EPSS: 0.03226
Exploits: 0 | References: 5

seebug.org | added 2005/12/04 12:0 a.m. | 20 views

DoceboLMS <= 2.0.4 connector.php Shell Upload Exploit

No description provided by source. ?php ---docebo204xpl.php 15.38 04/12/2005 DoceboLMS AKA SpaghettiLearning= 2.0.4 connector.php Shell Upload coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "This is called, using the conquered...

AI score: 7.1
Exploits: 0

securityvulns | added 2005/11/28 12:0 a.m. | 87 views

Remote file include in Athena

Language: PHP Script: Athena Version: 0.1a Official website: http://sourceforge.net/projects/athena Problem: Remote file inclusion Discovered by: beford & GB Description: =========== A simple website management system written in oo php that uses a mysql database to store user and group rights and...

AI score: 0.6
Exploits: 0

NVD | added 2005/11/26 2:3 a.m. | 14 views

CVE-2005-3820

Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, and ultimately execute arbitrary PHP code, via ".." (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads...

CVSS: 6.4 | AI score: 7.6 | EPSS: 0.02737
Exploits: 1 | References: 10

Cvelist | added 2005/11/26 2:0 a.m. | 25 views

CVE-2005-3820

Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, and ultimately execute arbitrary PHP code, via ".." (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads...

AI score: 7.5 | EPSS: 0.02737
Exploits: 1 | References: 10

exploitpack | added 2005/11/22 12:0 a.m. | 8 views

Torrential 1.2 - Getdox.php Directory Traversal

Torrential 1.2 - Getdox.php Directory Traversal source: https://www.securityfocus.com/bid/15530/info Torrential is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. An attacker can exploit this issue to retrieve arbitrary remote PHP...

AI score: 7.4
Exploits: 0

CVE | added 2005/11/16 7:37 a.m. | 41 views

CVE-2003-1251

CVE-2003-1251 affects the N/X Web Content Management System. The vulnerable scripts are (1) menu.inc.php, (2) datasets.php, and (3) mass_operations.inc.php (often misspelled as mass_opeations.inc.php). The vulnerability arises from a remote-file-include flaw where a c_path references a URL on a r...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.0762
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist | added 2005/11/16 7:37 a.m. | 23 views

CVE-2002-2130

publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code...

AI score: 7.6 | EPSS: 0.0159
Exploits: 0 | References: 4

Exploit DB | added 2005/11/15 12:0 a.m. | 22 views

Alstrasoft Template Seller Pro 3.25 - Remote File Inclusion

source: https://www.securityfocus.com/bid/15441/info Template Seller Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an...

AI score: 7.4
Exploits: 0

OpenVAS | added 2005/11/03 12:0 a.m. | 39 views

osTicket < 1.2.7 Attachment Code Execution Vulnerability - Active Check

The target is running at least one instance of osTicket that enables a remote user to open a new ticket with an attachment containing arbitrary PHP code and then to run that code using the permissions of the web server user. SPDX-FileCopyrightText: 2005 George A. Theall Some text descriptions mig...

CVSS: 7.5 | AI score: 7 | EPSS: 0.09869
Exploits: 1

UbuntuCve | added 2005/11/01 9:2 p.m. | 23 views

CVE-2005-3420

usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.02367
Exploits: 0 | References: 1

Cvelist | added 2005/11/01 9:0 p.m. | 28 views

CVE-2005-3420

usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement...

AI score: 6.7 | EPSS: 0.02367
Exploits: 0 | References: 10

exploitpack | added 2005/10/26 12:0 a.m. | 14 views

Mantis Bug Tracker 0.19.21.0 - Bug_sponsorship_list_view_inc.php File Inclusion

Mantis Bug Tracker 0.19.21.0 - Bug_sponsorship_list_view_inc.php File Inclusion source: https://www.securityfocus.com/bid/15212/info Mantis is prone to a remote and local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacke...

AI score: 0.4
Exploits: 0

Exploit DB | added 2005/10/26 12:0 a.m. | 24 views

Mantis Bug Tracker 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion

source: https://www.securityfocus.com/bid/15212/info Mantis is prone to a remote and local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote and local PHP code on a...

AI score: 7.4
Exploits: 0

Tenable Nessus | added 2005/10/26 12:0 a.m. | 21 views

Flyspray Multiple Vulnerabilities

Binary data 3269.prm...

CVSS: 5 | AI score: 7.3 | EPSS: 0.07588
Exploits: 2 | References: 2

NVD | added 2005/10/05 10:2 p.m. | 18 views

CVE-2005-3153

login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a differe...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01512
Exploits: 1 | References: 6

Tenable Nessus | added 2005/10/05 12:0 a.m. | 32 views

Debian DSA-842-1 : egroupware - missing input sanitising

Stefan Esser discovered a vulnerability in the XML-RPC libraries which are also present in egroupware, a web-based groupware suite, that allows injection of arbitrary PHP code into eval statements. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.05091
Exploits: 5 | References: 3

myhack58 | added 2005/09/25 12:0 a.m. | 17 views

MolyX vulnerability analysis-vulnerability warning-the black bar safety net

Text/SuperHei·Safety AngelS4T 2005.09.21 Nonsense: MolyX Board(hereinafter referred to MXB is MolyX Studios group as if that is CNVBB team development of PHP Forum program, MXB fusion of many forums, absorbing, powerful. The multi-year Forum program finished and improved experience also makes the...

Exploits: 0

Tenable Nessus | added 2005/09/23 12:0 a.m. | 23 views

PunBB < 1.2.8 Multiple Vulnerabilities

According to its banner, the version of PunBB installed on the remote host suffers from several flaws. - A File Include Vulnerability The application fails to validate the 'language' parameter when a user updates his profile and uses that throughout the application to require PHP code in order to...

CVSS: 4.6 | AI score: 5.8 | EPSS: 0.00938
Exploits: 0 | References: 3

Tenable Nessus | added 2005/09/22 12:0 a.m. | 23 views

PunBB < 1.2.8 Multiple Vulnerabilities

Binary data 3235.prm...

CVSS: 4.6 | AI score: 7.3 | EPSS: 0.00938
Exploits: 0 | References: 3