7218 matches found
CVE-2008-6530
Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file...
CVE-2008-6530
The CVE-2008-6530 entry describes an unrestricted file upload vulnerability in editimage.php of eZoneScripts Living Local 1.1. The vulnerability permits remote authenticated administrators to upload a file with an executable extension and then access it directly to execute arbitrary PHP code. This can comprom...
CVE-2009-1151
CVE-2009-1151 affects phpMyAdmin 2.11.x (before 2.11.9.5) and 3.x (before 3.1.3.1). The flaw is a static code injection in setup.php that lets a remote attacker inject arbitrary PHP code into the generated configuration file via the save action. The issue arises from insufficient validation/misco...
phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
Description: phpMyAdmin is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks...
[SA34410] PHP Classifieds Cross-Site Scripting and File Upload Vulnerabilities
Insufficient output sanitizing when generating configuration file.
PMASA-2009-3. Announcement-ID: PMASA-2009-3. Date: 2009-03-24. Summary: Insufficient output sanitizing when generating configuration file. Description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...
Remote file inclusion
PHP remote file inclusion vulnerability in slideshowuploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSrootdir parameter...
FreeBSD : roundcube -- webmail script insertion and php code injection (35c0b572-125a-11de-a964-0030843d3802)
Secunia reports: Some vulnerabilities have been reported in RoundCube Webmail, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct script insertion attacks and compromise a vulnerable system. The HTML 'background' attribute within e.g...
Dagger RFI Vulnerability (Mar 2009) - Active Check
Dagger is prone to a remote file include (RFI) vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
GhostScripter Amazon Shop Multiple Vulnerabilities (Mar 2009) - Active Check
Amazon Shop is prone to multiple vulnerabilities, including a cross-site scripting issue, a directory-traversal issue, and multiple remote file-include issues, because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be...
Code injection
Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter...
Authentication flaw
Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information...
CVE-2008-6446
Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter...
CVE-2008-6445
Technical details about CVE-2008-6445 are not publicly available in the provided documents. The entries repeat generic vulnerability notes with no concrete affected versions, exploit vectors, or remediation steps.
CVE-2008-6445
Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information...
CMS S.Builder 3.7 Remote File Inclusion
CMS S.Builder = 3.7 RFI. Vulnerability Information: Vendor: http://www.sbuilder.ru. Affected versions: 3.7 and possibly later versions. Description: The engine of this CMS makes site files (index.php, etc.) with code like: --- PHP Code: if (!isset($GLOBALS['binnincludepath'])) $GLOBALS['binnincludepath'] = '';...
cms s.builder 3.7 - Remote File Inclusion
CMS S.Builder = 3.7 RFI. Vulnerability Information: Vendor: http://www.sbuilder.ru. Affected versions: 3.7 and possibly later versions. Description: The engine of this CMS makes site files (index.php, etc.) with code like: --- PHP Code: if (!isset($GLOBALS['binnincludepath'])) $GLOBALS['binnincludepath'] = '';...
Remote file inclusion
PHP remote file inclusion vulnerability in themes/default/include/html/insert.inc.php in OpenRat 0.8-beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpldir parameter...