
7217 matches found

Cvelist
added 2007/06/01 10:0 a.m. | 20 views

CVE-2007-2985

Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc...

7.8 AI score | 0.04169 EPSS
Exploits: 0 | References: 4

CVE
added 2007/06/01 10:0 a.m. | 40 views

CVE-2007-2985

CVE-2007-2985 affects Pheap 2.0. An attacker can bypass authentication by setting the pheap_login cookie to the administrator’s username, enabling (1) access to sensitive info, including the admin password via settings.php and (2) upload/execute arbitrary PHP code via the update_doc action in edi...

10 CVSS | 7.8 AI score | 0.04169 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2007/06/01 10:0 a.m. | 21 views

CVE-2007-2988

A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/create_engine.php followed by a request to...

6.8 AI score | 0.07699 EPSS
Exploits: 0 | References: 7

CVE
added 2007/06/01 10:0 a.m. | 50 views

CVE-2007-2988

The CVE-2007-2988 entry describes a vulnerability in the Inout Meta Search Engine: an admin script redirects the browser but does not exit when admin credentials are missing, enabling remote attackers to inject arbitrary PHP code via a sequence of requests to admin/create_engine.php and then admi...

7.5 CVSS | 6.8 AI score | 0.07699 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2007/06/01 1:0 a.m. | 16 views

CVE-2007-2969

PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the waroot parameter...

7.5 AI score | 0.61727 EPSS
Exploits: 2 | References: 3

Exploit DB
added 2007/06/01 12:0 a.m. | 33 views

RevokeBB 1.0 RC4 - Blind SQL Injection / Hash Retrieve

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love ------------------------------------------------------------- "; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.="...

7.4 AI score
Exploits: 0

Prion
added 2007/05/31 12:30 a.m. | 11 views

Remote file inclusion

PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter...

6.8 CVSS | 8.1 AI score | 0.02567 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2007/05/31 12:0 a.m. | 16 views

CVE-2007-2939

Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/...

7.6 AI score | 0.64028 EPSS
Exploits: 1 | References: 7

CVE
added 2007/05/31 12:0 a.m. | 49 views

CVE-2007-2939

Maven/Mazen’s PHP Chat 3.0.0 is affected by multiple PHP remote file inclusion vulnerabilities. The issue arises when an attacker can supply a URL via the basepath parameter to include/pear/ITX.php, IT_Error.php, or IT.php, enabling remote code execution on the server. The CVE-2007-2939 entry doc...

6.8 CVSS | 7.6 AI score | 0.64028 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

Prion
added 2007/05/30 10:30 a.m. | 18 views

Code injection

Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action...

7.5 CVSS | 7.8 AI score | 0.02312 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2007/05/30 10:0 a.m. | 14 views

CVE-2007-2899

Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action...

7.2 AI score | 0.02312 EPSS
Exploits: 1 | References: 4

CVE
added 2007/05/30 10:0 a.m. | 47 views

CVE-2007-2899

The CVE-2007-2899 entry affects NavBoard 2.6.0, with the vulnerability in admin_config.php allowing direct static code injection to data/config.php via multiple parameters (demonstrated via threadperpage in editconfig). Root cause: insecure handling of input leading to PHP code injection. Impact,...

7.5 CVSS | 7.3 AI score | 0.02312 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Packet Storm
added 2007/05/30 12:0 a.m. | 26 views

inoutse-exec.txt

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc this is not a protection for two reasons: i everyone can make a cookie with false credentials ii there isn't any exit or die function after header'Location: index.php' Now look at create...

Exploits: 0

exploitpack
added 2007/05/29 12:0 a.m. | 9 views

Inout Search Engine - Remote Code Execution

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc this is not a protection for two reasons: i everyone can make a cookie with false credentials ii there isn't any exit or die function after...

0.3 AI score
Exploits: 0

NVD
added 2007/05/24 7:30 p.m. | 19 views

CVE-2007-2859

Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbitrary PHP code via a URL in the pathsimpgb parameter to (1) guestbook.php, (2) search.php, (3) mailer.php, (4) avatars.php, (5) ccode.php, (6) comments.php, (7) emoticons.php, (8) gbdownload.php, and possibl...

7.5 CVSS | 7.7 AI score | 0.02434 EPSS
Exploits: 0 | References: 13

Prion
added 2007/05/21 11:30 p.m. | 10 views

Unrestricted file upload

Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/...

7.5 CVSS | 8.2 AI score | 0.0632 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2007/05/21 11:30 p.m. | 15 views

CVE-2007-2777

Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/...

7.5 CVSS | 7.7 AI score | 0.0632 EPSS
Exploits: 0 | References: 4

Cvelist
added 2007/05/21 11:0 p.m. | 14 views

CVE-2007-2774

Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) connect.php or (2) modules/startup.php...

7.7 AI score | 0.03738 EPSS
Exploits: 1 | References: 7

Cvelist
added 2007/05/21 11:0 p.m. | 13 views

CVE-2007-2779

PHP remote file inclusion vulnerability in templatecsv.php in Libstats 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rInfocontent parameter...

7.6 AI score | 0.03598 EPSS
Exploits: 0 | References: 6

Packet Storm
added 2007/05/21 12:0 a.m. | 54 views

tsp-admin.txt

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc4 echo "Usage: php ".$argv0." Host Path ID password Host: target server ip/hostname Path: path of template ID: A Valid Admin ID usally 1 works for the 'admin' nickname password: The PWD you want ...

7.4 AI score
Exploits: 0