CVE-2007-5720

CVE-2007-5720 : Affected product: ProfileCMS 1.0. The vulnerability is an unrestricted file upload in the profiles script that allows remote attackers to upload and execute arbitrary PHP code via profile creation. The NVD entry lists a CVSS v2 base score of 6.8 (NETWORK, MEDIUM) with partial impa...

Code injection

Unspecified vulnerability in the Settings component in the administration system in Jeebles Directory 2.9.60 allows remote authenticated administrators to execute arbitrary PHP code via unspecified vectors related to settings.inc.php. NOTE: the provenance of this information is unknown; the detai...

CVE-2007-5705

Technical details about CVE-2007-5705 are not publicly available in the provided connected documents; the entry notes remote code execution via settings.inc.php in Jeebles Directory 2.9.60. Monitor for updates.

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in PHP Image 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the xarg parameter to 1 xargcorner.php, 2 xargcornerbottom.php, and 3 xargcornertop.php...

CVE-2007-5693

Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...

Design/Logic Flaw

Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...

CVE-2007-5693

Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...

[Full-disclosure] Advisory SE-2007-01: TikiWiki Remote PHP Code Evaluation Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: TikiWiki Remote PHP Code Evaluation Vulnerability Release Date: 2007/10/29 Last Modified: 2007/10/29 Author: Stefan Esser stefan.esseratsektioneins.de Application: TikiWiki = 1.9.8....

CVE-2002-2319

CVE-2002-2319 affects MySimpleNews: a static code injection vulnerability in users.php allows remote attackers to inject arbitrary PHP code and HTML via the LOGIN, DATA, and MESS parameters, which are inserted into news.php3. This indicates input handling flaws that enable arbitrary code executio...

TikiWiki < 1.9.8.2 Multiple Scripts Local File Inclusion

The remote host is running TikiWiki, an open source wiki application written in PHP. The version of TikiWiki installed on the remote host fails to sanitize input to the 'errorhandlerfile' and/or 'localphp' parameters before using them to include PHP code. Provided PHP's 'registerglobals' setting ...

Flatnuke3 Remote Cookie Manipoulation / Privilege Escalation

--------------------------------------------------------------- / | | / | / |/ | | |/ | | / | | | | | |/ | | // | || | ||| /| / / | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...

Remote file inclusion

PHP remote file inclusion vulnerability in modules/Forums/favorites.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary PHP code via a URL in the nukebbrootpath parameter...

OSI CODES - PHP Live! Remote File Inclusion

Aria-Security Team http://Aria-Security.Net Persian Security Network Source Code: ? / COPYRIGHT OSI CODES - PHP Live! / sessionstart ; $l = "" ; // try to get cookie value first if isset $HTTPCOOKIEVARS'COOKIEPHPLIVESITE' $l = $HTTPCOOKIEVARS'COOKIEPHPLIVESITE' ; if isset $HTTPGETVARS'l' $l =...

Flatnuke 3 - Remote Cookie Manipulation Privilege Escalation

Flatnuke 3 - Remote Cookie Manipulation Privilege Escalation --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...

CVE-2003-1402

PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the urlhit parameter, a different vulnerability than CVE-2006-5015...

Design/Logic Flaw

Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a 1 UNC share pathname, or a 2 ftps, 3 ssh2.sftp, or 4 ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https...

CVE-2003-1385

ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if registerglobals is enabled, by modifying the rootpath parameter to reference a URL on a remote web server that contains the code...

Remote file inclusion

PHP remote file inclusion vulnerability in lib/fckeditor/uploadconfig.php in Galmeta Post 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the DDS parameter...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in 1024 CMS 1.2.5 allows remote attackers to perform some actions as administrators, as demonstrated by 1 an unspecified action that creates a file containing PHP code and 2 unspecified use of the forum component. NOTE: the provenance of this...

Remote file inclusion

PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...