CVE-2008-6132

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via the startdate parameter...

Sql injection

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via the startdate parameter...

CVE-2008-6132

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via the startdate parameter...

FreeBSD : codeigniter -- arbitrary script execution in the new Form Validation class (83574d5a-f828-11dd-9fdf-0050568452ac)

znirkel reports : The eval function in resetpostarray crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...

Code injection

Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the 1 username and 2 password parameters. NOTE: the provenance of this information is unknown; the details are...

CVE-2008-6119

Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the 1 username and 2 password parameters. NOTE: the provenance of this information is unknown; the details are...

CVE-2009-0517

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tzenv.class. NOTE: some of these details are obtained...

Sql injection

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tzenv.class. NOTE: some of these details are obtained...

CVE-2009-0517

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tzenv.class. NOTE: some of these details are obtained...

CVE-2008-6103

PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter...

CVE-2009-0495

PHP remote file inclusion vulnerability in include/define.php in REALTOR 747 4.11 allows remote attackers to execute arbitrary PHP code via a URL in the INCDIR parameter...

Hedgedog CMS 1.21 LFI / Command Execution

!/usr/bin/perl |----------------------------------------------------------------------------------------------------------------------------------| | INFORMATIONS | |----------------------------------------------------------------------------------------------------------------------------------|...

Hedgehog-CMS 1.21 (LFI) Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl |----------------------------------------------------------------------------------------------------------------------------------| | INFORMATIONS |...

Hedgehog-CMS 1.21 (LFI) Remote Command Execution Exploit

Exploit for unknown platform in category web applications ======================================================== Hedgehog-CMS 1.21 LFI Remote Command Execution Exploit ======================================================== !/usr/bin/perl...

Hedgehog-CMS 1.21 - Local File Inclusion Remote Command Execution

Hedgehog-CMS 1.21 - Local File Inclusion Remote Command Execution !/usr/bin/perl |----------------------------------------------------------------------------------------------------------------------------------| | INFORMATIONS |...

Unrestricted file upload

Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory...

CVE-2008-6084

Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory...

CVE-2008-6084

Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory...

Jaws language Parameter Multiple Local File Includes

Jaws, a Framework and Content Management System for building dynamic websites, is installed on the remote system. The installed version fails to filter input to the 'language' parameter before using it to include PHP code in '/upgrade/index.php' and '/install/index.php'. Regardless of PHP's...

CMS Mini <= 0.2.2 Remote Command Execution Exploit

Exploit for unknown platform in category web applications ================================================== CMS Mini ". "\n+ Ex. : php xpl.php localhost /CMSmini". "\n\n"; if $argc != 3 usage; $hostname = $argv 1; $path = $argv 2; $fp = fsockopen $hostname, 80; $post = "message="; $request = "PO...