7219 matches found
CVE-2009-3705
PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the configatkroot parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: this is only a vulnerability when the administrator does not follow...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Loggix Project 9.4.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathToIndex parameter to (1) Calendar.php, (2) Comment.php, (3) Rss.php and (4) Trackback.php in lib/Loggix/Module/; and (5)...
DSA-1897-1 horde3 - arbitrary code execution
Bulletin has no description...
CVE-2009-3324
PHP remote file inclusion vulnerability in include/prodler.class.php in ProdLer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sPath parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in include/prodler.class.php in ProdLer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sPath parameter...
CVE-2009-3306
PHP remote file inclusion vulnerability in include/header.php in ClearSite 4.50 allows remote attackers to execute arbitrary PHP code via a URL in the csbasepath parameter...
CVE-2009-3236
The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with...
Design/Logic Flaw
The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with...
CVE-2009-3236
The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with...
CVE-2009-3220
PHP remote file inclusion vulnerability in cphtml2txt.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...
Siemens Gigaset SE361 Wlan - Remote Reboot
Attacking port 1723flood, it restarts the device almost instantly, here's the code in PHP. It takes a few bytes for the AP to automatically restart ?php $apaddr = "192.168.2.1"; $apport="1723"; $con = fsockopen$apaddr, $apport, $errno, $errstr; if !$con echo "$errstr $errnobr /n"; else $trash =...
CVE-2009-3174
PHP remote file inclusion vulnerability in fonctionsracine.php in OBOphiX 2.7.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cheminlib parameter...
Siemens Gigaset SE361 Wlan Reboot Exploit
Attacking port 1723flood, it restarts the device almost instantly, here's the code in PHP. It takes a few bytes for the AP to automatically restart \n"; else $trash = strrepeat"\x90","261"; fwrite$con, $trash; while !feof$con echo "$trash \r\n"; fclose$con; ?...
Siemens Gigaset SE361 WLAN - Remote Reboot (Denial of Service)
Siemens Gigaset SE361 WLAN - Remote Reboot Denial of Service Attacking port 1723flood, it restarts the device almost instantly, here's the code in PHP. It takes a few bytes for the AP to automatically restart \n"; else $trash = strrepeat"\x90","261"; fwrite$con, $trash; while !feof$con echo "$tra...
Remote file inclusion
PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the evacaminho parameter to index.php...
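PABox Administration Control Panel PHP Code Injection Vulnerability
BUGTRAQ: 8068 The administrator control panel module of paBox has a flaw in its feature for banning users from access; a remote attacker can exploit this vulnerability to execute arbitrary commands on the system with the privileges of the web server. If a user is able to log in to the administrator control panel, the bannedusers.php script does not sufficiently check user-submitted URI variables, so an attacker can define variables through global injection and supply a PHP file on a remote system as the value of the $file variable, causing the malicious code contained in that PHP file to be executed with the privileges of the web process. paBox 1.6 Vendor patch: PHP Arena --------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...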
CVE-2009-3055
PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine (DLE) 8.2 allows remote attackers to execute arbitrary PHP code via a URL in the dleconfigapi parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in editor/edithtmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter...
CVE-2009-3065
PHP remote file inclusion vulnerability in editor/edithtmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter...