7218 matches found
FreeBSD : mantis -- php code execution vulnerability (af2745c0-c3e0-11dd-a721-0030843d3802)
Secunia reports: EgiX has discovered a vulnerability in Mantis, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the 'sort' parameter in manageprojpage.php is not properly sanitised before being used in a 'create_function' call. This can be exploited to...
CVE-2008-5334
PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter...
CVE-2008-5288
PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter...
CVE-2008-5210
Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATHTOCODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in script/tick/, and (4)...
CVE-2008-5173
Unspecified vulnerability in testMaker before 3.0p16 allows remote authenticated users to execute arbitrary PHP code via unspecified attack vectors...
Remote file inclusion
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConfdirlayouts parameter...
minigal-disclose.txt
...
Minigal b13 - Remote File Disclosure
?php settimelimit0; function findpass$data $pass = explode'$adminpass = "',$data; if$pass1!="" echo"Vuln exploited enjoy !\n"; sleep1; echo"Admin hash == ".substr$pass1,0,32."\n"; else echo"Exploit failed!!!!"; function send$pack,$host,$port $ret = ""; $desc = fsockopen$host,$port,$errno, $errstr...
CVE-2008-5090
Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch...
Sql injection
Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter...
CVE-2008-5071
Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter...
CVE-2008-5071
The CVE-2008-5071 issue affects Yoxel software (version 1.23beta and earlier) where itpm_estimate.php is vulnerable to multiple eval injection flaws. The underlying cause is eval-based code execution triggered by the proj_id parameter, allowing remote authenticated users to run arbitrary PHP code...
Remote file inclusion
PHP remote file inclusion vulnerability in upload/admin/frontpageright.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter...
CVE-2008-5060
Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) exportbatch.inc.php, (2) runautosuspend.cron.php, and (3) sendemailcache.php in include/scripts/; (4)...
CVE-2008-5053
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader comrssreader 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfiglivesite parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in Admin/ADMPagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter...