phpbb -- NULL byte injection vulnerability

Secunia reports: ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the "avatarpath" parameter in admin/adminboard.php is not properly sanitised before being used as a configuration variable to store avatar...

CVE-2006-4678

PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the NEAbsPath parameter in 1 install.php and 2 migrateNE2toNE3.php...

phpBB <= 2.0.21 (Poison NULL Byte) Remote Exploit

No description provided by source. !/usr/bin/perl -w Author: ShAnKaR Title: multiple PHP application poison NULL byte vulnerability Applications: phpBB 2.0.21, punBB 1.2.12 Threat Level: Critical Original advisory in Russian: http://www.security.nnov.ru/Odocument221.html Poison NULL byte...

mcGalleryPRO <= 2006 (path_to_folder) Remote Include Vulnerability

Exploit for unknown platform in category web applications ================================================================== mcGalleryPRO = 2006 pathtofolder Remote Include Vulnerability ================================================================== SolpotCrew Community Mcgallerypro...

mcGalleryPRO &lt;= 2006 (path_to_folder) Remote Include Vulnerability

No description provided by source. SolpotCrew Community Mcgallerypro pathtofolder Remote File Inclusion Download file : http://phpforums.net/mcgp/mcgp.zip/mcgp.zip Bug Found By :Solpot a.k.a k. Hasibuan 10-09-2006 contact: [email protected] Website :...

mcGalleryPRO 2006 - &#039;path_to_folder&#039; Remote File Inclusion

SolpotCrew Community Mcgallerypro pathtofolder Remote File Inclusion Download file : http://phpforums.net/mcgp/mcgp.zip/mcgp.zip Bug Found By :Solpot a.k.a k. Hasibuan 10-09-2006 contact: [email protected] Website : http://www.nyubicrew.org/adv/solpot-adv-06.txt Greetz: choi , h4ntu ,...

PT-2006-5449 · Premod · Premod Shadow

Name of the Vulnerable Software and Affected Versions: Premod Shadow versions 2.7.1 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the phpbb root path parameter in the includes/functions portal.php file. Recommendations: For Premod Shadow...

CVE-2006-4644

PHP remote file inclusion vulnerability in modules/home.module.php in phpFullAnnu 5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the repmod parameter...

CVE-2006-4649

PHP remote file inclusion vulnerability in bpnews.php in BinGo News BP News 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter...

CVE-2006-4630

PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING MySpeach 3.0.2 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mymsroot parameter...

CVE-2006-4635

Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in WebExtensions - Notitia I/II. NOTE: due to lack of details, it is not...

CVE-2006-4629

PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

CVE-2006-4631

Direct static code injection vulnerability in admin/saveopt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cacheforum parameter, which saves the code to infooptions.php, which is accessible via a direct request...

CVE-2006-4635

Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in WebExtensions - Notitia I/II. NOTE: due to lack of details, it is not...

CVE-2006-4635

The CVE-2006-4635 entry affects MySource Classic 2.14.6 (and possibly earlier). It describes remote authenticated users with superuser privileges who can inject arbitrary PHP code via the Equation attribute in Web_Extensions - Notitia (I/II). The exact vulnerability type (file inclusion, static c...

[SA21825] Somery &quot;skindir&quot; File Inclusion Vulnerability

TITLE: Somery "skindir" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA21825 VERIFY ADVISORY: http://secunia.com/advisories/21825/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Somery 0.x http://secunia.com/product/11898/ DESCRIPTION: basher13 has reported a...

CVE-2006-4596

PHP remote file inclusion in MyBace Light Skrip, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via the 1 hauptverzeichniss parameter in includes/logincheck.php and the 2 templateback parameter in admin/login/content/userdaten.php...

CVE-2006-4610

PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.11 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via the page parameter...

softbb01.txt

!/usr/bin/perl Affected.scr..: SoftBB 0.1 Poc.ID........: 11060904 Type..........: PHP code execution, SQL Injection, Full Path Disclosure Risk.level....: High Vendor.Status.: Unpatched Src.download..: softbb.be Poc.link......: acid-root.new.fr/poc/11060904.txt Advisory.link.:...

CVE-2006-4605

The CVE describes a PHP remote file inclusion vulnerability in Longino Jacome php-Revista 1.1.2, exploitable via the adodb parameter in index.php, allowing remote attackers to execute arbitrary PHP code. The NVD entry records a CVSS v2 base score of 7.5 (HIGH) with network attack vector and low a...