
7219 matches found

OSV
added 2009/04/16 3:12 p.m., 4 views

CVE-2009-1285

Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...

7 AI score
Exploits: 0, References: 9

Prion
added 2009/04/16 3:12 p.m., 21 views

Code injection

Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...

7.5 CVSS, 7.6 AI score, 0.10914 EPSS
Exploits: 3, References: 8, Affected Software: 1

seebug.org
added 2009/04/16 12:0 a.m., 50 views

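phpMyAdmin configuration file PHP code injection vulnerability

BUGTRAQ ID: 34526 CVECAN ID: CVE-2009-1285 phpMyAdmin is a tool written in PHP for administering MySQL over the web. The setup script used by phpMyAdmin does not properly filter configuration parameters; if a remote attacker submits a malicious POST request to the server, arbitrary PHP code can be injected into the generated configuration file. phpMyAdmin phpMyAdmin 3.x phpMyAdmin phpMyAdmin 2.11.x phpMyAdmin ---------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...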

7.5 CVSS, 6.4 AI score, 0.10914 EPSS
Exploits: 3

Tenable Nessus
added 2009/04/16 12:0 a.m., 83 views

phpMyAdmin Setup Script Configuration Parameters Arbitrary PHP Code Injection (PMASA-2009-4)

The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input before using it to generate a config file for the application. This version is affected by the following vulnerabilities : - The setup script inserts the unsanitize...

7.5 CVSS, 5.9 AI score, 0.10914 EPSS
Exploits: 3, References: 3

FreeBSD
added 2009/04/14 12:0 a.m., 25 views

phpmyadmin -- insufficient output sanitizing when generating configuration file

phpMyAdmin Team reports: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. This...

7.5 CVSS, 7.2 AI score, 0.10914 EPSS
Exploits: 3, References: 1

phpMyAdmin
added 2009/04/14 12:0 a.m., 30 views

Insufficient output sanitizing when generating configuration file.

PMASA-2009-4 Announcement-ID: PMASA-2009-4 Date: 2009-04-14 Summary Insufficient output sanitizing when generating configuration file. Description Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

7.5 CVSS, 6.2 AI score, 0.10914 EPSS
Exploits: 3, Affected Software: 1

NVD
added 2009/04/09 4:27 p.m., 23 views

CVE-2009-1278

Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X GBX 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php...

7.5 CVSS, 7.2 AI score, 0.02312 EPSS
Exploits: 1, References: 3

Prion
added 2009/04/09 4:27 p.m., 13 views

Code injection

Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X GBX 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php...

7.5 CVSS, 7.8 AI score, 0.02312 EPSS
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2009/04/09 4:0 p.m., 43 views

CVE-2009-1278

Gravity Board X (GBX) 2.0 BETA has a static code injection in forms/ajax/configure.php that allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php. Affected: GBX 2.0 BETA; vulnerable file: forms/ajax/configure.php. Root cause: configuration work...

7.5 CVSS, 7.5 AI score, 0.02312 EPSS
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2009/04/07 2:17 p.m., 17 views

CVE-2008-6651

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter...

10 CVSS, 7.2 AI score, 0.03501 EPSS
Exploits: 1, References: 3

Prion
added 2009/04/07 2:17 p.m., 13 views

Code injection

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter...

10 CVSS, 7.8 AI score, 0.03501 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2009/04/07 10:0 a.m., 24 views

CVE-2008-6651

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter...

7.2 AI score, 0.03501 EPSS
Exploits: 1, References: 3

CVE
added 2009/04/07 10:0 a.m., 44 views

CVE-2008-6651

The CVE-2008-6651 entry covers a static code injection in OxYProject OxYBox 0.85, specifically in edithistory.php. The vulnerability arises because an attacker can inject arbitrary PHP code into oxyhistory.php through the oxymsg parameter, enabling remote code execution. The affected component is...

10 CVSS, 7.5 AI score, 0.03501 EPSS
Exploits: 1, References: 3, Affected Software: 1

Tenable Nessus
added 2009/04/07 12:0 a.m., 43 views

Jinzora name Parameter Local File Inclusion

The remote host is running Jinzora, a web-based media streaming and management system written in PHP. The version of Jinzora installed on the remote host fails to filter user-supplied input to the 'name' variable in the 'index.php' script when 'op' is set before using it to include PHP code...

7.5 CVSS, 6.2 AI score, 0.02392 EPSS
Exploits: 0, References: 1

Prion
added 2009/04/06 4:30 p.m., 10 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the themedirectory parameter to (1) container.php and (2) header.php in themes/...

7.5 CVSS, 8.2 AI score, 0.02456 EPSS
Exploits: 0, References: 4, Affected Software: 1

Prion
added 2009/04/03 6:30 p.m., 14 views

SQL injection

SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php...

7.5 CVSS, 8.1 AI score, 0.03465 EPSS
Exploits: 1, References: 6, Affected Software: 2

NVD
added 2009/04/03 6:30 p.m., 19 views

CVE-2008-6593

SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php...

7.5 CVSS, 7.5 AI score, 0.03465 EPSS
Exploits: 1, References: 6

CVE
added 2009/04/03 6:0 p.m., 45 views

CVE-2008-6593

CVE-2008-6593 describes an SQL injection in LightNEasy SQLite 1.2.2 and earlier affecting lightneasy.php. The vulnerability allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php, due to insufficient input validation in the affected component. T...

7.5 CVSS, 7.7 AI score, 0.03465 EPSS
Exploits: 1, References: 6, Affected Software: 2

Tenable Nessus
added 2009/03/30 12:0 a.m., 12 views

FreeBSD : pivot-weblog -- file deletion vulnerability (0fe73a4a-1b18-11de-8226-0030843d3802)

Secunia reports : A vulnerability has been discovered in Pivot, which can be exploited by malicious people to delete certain files. Input passed to the 'refkey' parameter in extensions/bbclonetools/count.php is not properly sanitised before being used to delete files. This can be exploited to...

5.6 AI score
Exploits: 0, References: 1

seebug.org
added 2009/03/28 12:0 a.m., 24 views

My Simple Forum 7.1 (LFI) Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl My Simple Forum v7.1 Remote Command Execution Exploit Apache Log Poisoning/Injection Local File Inclusion at /theme/default/index.template.php?action=lf%00 XSS at /theme/default/index.template.php?Name=XSS - This needs Register Globals ON Credits ...

7.1 AI score
Exploits: 0