CVE-2005-2437

Website Baker Project does not properly verify the file extensions of uploaded files, which allows remote attackers to upload and execute arbitrary PHP code...

[SECURITY] [DSA 764-1] New cacti packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 764-1 [email protected] http://www.debian.org/security/ Martin Schulze July 21st, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 764-1] New cacti packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 764-1 [email protected] http://www.debian.org/security/ Martin Schulze July 21st, 2005 http://www.debian.org/security/faq -...

CVE-2005-2331

PHP remote file inclusion vulnerability in display.php in MooseGallery allows remote attackers to execute arbitrary PHP code via the type parameter...

GLSA-200507-06 : TikiWiki: Arbitrary command execution through XML-RPC

The remote host is affected by the vulnerability described in GLSA-200507-06 TikiWiki: Arbitrary command execution through XML-RPC TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Impact : A remote attacker could exploit this vulnerability to execute arbitrary...

CVE-2005-2162

PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestbook 0.6.1 allows remote attackers to execute arbitrary PHP code via the lang parameter...

TikiWiki: Arbitrary command execution through XML-RPC

Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. TikiWiki includes vulnerable PHP XML-RPC code. Description TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Impact A remote attacker could exploit this...

CVE-2005-2106

Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting...

osTicket <= 1.3.1 Multiple Vulnerabilities

The version of osTicket installed on the remote host suffers from several vulnerabilities, including: - A Local File Include Vulnerability The application fails to sanitize user-supplied input to the 'inc' parameter in the 'view.php' script. An attacker may be able to exploit this flaw to run...

osTicket < 1.3.1 Multiple Vulnerabilities

Binary data 3046.prm...

DSA-840-1 drupal - missing input sanitising

Bulletin has no description...

CVE-2005-2106

Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting...

CVE-2005-1921

CVE-2005-1921 is a remote PHP code execution vulnerability in PEAR XML_RPC (&lt;=1.3.0) and PHPXMLRPC (

phpBB 2.0.15 (highlight) Remote PHP Code Execution

No description provided by source. tested and working /str0ke !/usr/bin/pyth0n this exploit for phpBB 2.0.15 print "\nphpBB 2.0.15 arbitrary command execution eXploit" emulates a shell, print " 2005 by [email protected]" rather than print " well, just because there is none." sending a singl...

CVE-2005-1524

PHP file inclusion vulnerability in topgraphheader.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the configlibrarypath parameter...

CVE-2002-1704

Zeroboard 4.1, when the "allowurlfopen" and "registerglobals" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the zbpath parameter to reference a URL on a remote web server that contains the code...

CVE-2002-1707

install.php in phpBB 2.0 through 2.0.1, when "allowurlfopen" and "registerglobals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbbrootdir parameter to reference a URL on a remote web server that contains the code...

cuteNewsExec.txt

There is a vulnerability in the latest and to the best of my knowledge, all prior versions of CuteNews from CutePHP.com. CuteNews does not properly sanitize user input when an administrative account edits the template files. CuteNews takes HTML code from a web form and outputs it to a template fi...

CVE-2005-1894

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker...

CVE-2005-1894

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing code into the Referer header, which is injected into referer.php. Affected software: FlatNuke 2.5.3. Root cause: unsafely handling the Referer header leads to code execution. Imp...