7211 matches found

NVD
added 2005/08/16 4:0 a.m. | 22 views

CVE-2005-2571

FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php...

CVSS 6.4 | AI score 7.1 | EPSS 0.01156
Exploits 0 | References 3

Cvelist
added 2005/08/16 4:0 a.m. | 24 views

CVE-2005-2568

Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" curly bracket characters, which are processed by the PHP eval function...

AI score 7.7 | EPSS 0.01572
Exploits 0 | References 3

CVE
added 2005/08/16 4:0 a.m. | 52 views

CVE-2005-2571

FunkBoard 0.66CF (and possibly earlier) has an access-control flaw: the admin/mysql_install.php and admin/pg_install.php scripts are not properly restricted, allowing an attacker to obtain the database username and password or inject arbitrary PHP code into info.php. The issue is described as a l...

CVSS 6.4 | AI score 7.5 | EPSS 0.01156
Exploits 0 | References 3 | Affected Software 1

securityvulns
added 2005/08/15 12:0 a.m. | 50 views

[Full-disclosure] [DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue

---------------------------------------------------------------------------- Drupal security advisory DRUPAL-SA-2005-004 ---------------------------------------------------------------------------- Advisory ID: DRUPAL-SA-2005-004 Date: 2005-aug-15 CVE ID: CAN-2005-2498 Security risk: highly...

CVSS 5 | AI score 9.3 | EPSS 0.05091
Exploits 5

Cvelist
added 2005/08/10 4:0 a.m. | 23 views

CVE-2005-2544

PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the pathdocroot parameter...

AI score 7.6 | EPSS 0.01453
Exploits 0 | References 5

Tenable Nessus
added 2005/08/10 12:0 a.m. | 32 views

SysCP < 1.2.11 Multiple Script Command Execution Vulnerabilities

The remote host is running SysCP, an open source control panel written in PHP. The version of SysCP installed on the remote host uses user-supplied input to several variables in various scripts without sanitizing it. Provided PHP's 'register_globals' setting is enabled, an attacker can exploit the...

CVSS 7.5 | AI score 6.2 | EPSS 0.01572
Exploits 0 | References 3

exploitpack
added 2005/08/08 12:0 a.m. | 17 views

Gravity Board X 1.1 - CSS Template Unauthorized Access

Gravity Board X 1.1 - CSS Template Unauthorized Access source: https://www.securityfocus.com/bid/14502/info Gravity Board X GBX is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to...

AI score 0.7
Exploits 0

Exploit DB
added 2005/08/08 12:0 a.m. | 18 views

Gravity Board X 1.1 - CSS Template Unauthorized Access

source: https://www.securityfocus.com/bid/14502/info Gravity Board X GBX is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to privileged functions. An attacker can exploit this...

AI score 7.4
Exploits 0

Tenable Nessus
added 2005/08/08 12:0 a.m. | 27 views

FlatNuke < 2.5.6 Multiple Remote Vulnerabilities

The remote host is running FlatNuke, a content management system written in PHP that uses flat files rather than a database for its storage. The version of FlatNuke installed on the remote host suffers from several flaws: - Arbitrary PHP Code Execution Vulnerability The application fails to remov...

CVSS 5 | AI score 6.1 | EPSS 0.06102
Exploits 4 | References 5

Tenable Nessus
added 2005/08/07 12:0 a.m. | 23 views

Comdev eCommerce 3.0 Multiple Vulnerabilities (RFI, Traversal)

The remote host is running eCommerce, a web-based shopping system from Comdev. The installed version of eCommerce allows remote attackers to control the 'pathdocroot' parameter used when including PHP code in the 'config.php' script. By leveraging this flaw, an attacker may be able to view...

CVSS 5 | AI score 6.2 | EPSS 0.05991
Exploits 1 | References 4

CVE
added 2005/08/03 4:0 a.m. | 40 views

CVE-2005-2437

The CVE-2005-2437 entry concerns Website Baker Project, where uploaded file extensions are not properly verified. This allows remote attackers to upload and execute arbitrary PHP code due to the insufficient validation of the file type during upload. The available references (NVD, CVE, CVEList) c...

CVSS 5 | AI score 7.9 | EPSS 0.01351
Exploits 0 | References 5 | Affected Software 1

NVD
added 2005/08/03 4:0 a.m. | 15 views

CVE-2005-2437

Website Baker Project does not properly verify the file extensions of uploaded files, which allows remote attackers to upload and execute arbitrary PHP code...

CVSS 5 | AI score 7.5 | EPSS 0.01351
Exploits 0 | References 5

Cvelist
added 2005/08/03 4:0 a.m. | 23 views

CVE-2005-2437

Website Baker Project does not properly verify the file extensions of uploaded files, which allows remote attackers to upload and execute arbitrary PHP code...

AI score 7.5 | EPSS 0.01351
Exploits 0 | References 5

exploitpack
added 2005/07/25 12:0 a.m. | 16 views

Atomic Photo Album 0.x1.0 - Apa_PHPInclude.INC.php Remote File Inclusion

Atomic Photo Album 0.x1.0 - Apa_PHPInclude.INC.php Remote File Inclusion source: https://www.securityfocus.com/bid/14368/info Atomic Photo Album is susceptible to a remote PHP file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An...

AI score 0.3
Exploits 0

Debian
added 2005/07/21 5:53 a.m. | 20 views

[SECURITY] [DSA 764-1] New cacti packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 764-1 [email protected] http://www.debian.org/security/ Martin Schulze July 21st, 2005 http://www.debian.org/security/faq -...

CVSS 10 | AI score 1.4 | EPSS 0.16552
Exploits 0

Debian
added 2005/07/21 5:53 a.m. | 29 views

[SECURITY] [DSA 764-1] New cacti packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 764-1 [email protected] http://www.debian.org/security/ Martin Schulze July 21st, 2005 http://www.debian.org/security/faq -...

AI score 7.8
Exploits 0

NVD
added 2005/07/20 4:0 a.m. | 16 views

CVE-2005-2331

PHP remote file inclusion vulnerability in display.php in MooseGallery allows remote attackers to execute arbitrary PHP code via the type parameter...

CVSS 5 | AI score 7.6 | EPSS 0.01399
Exploits 1 | References 4

Cvelist
added 2005/07/20 4:0 a.m. | 16 views

CVE-2005-2328

PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 and 0.3.2.7 allows remote attackers to execute arbitrary PHP code via the CFGPATH variable...

AI score 7.6 | EPSS 0.014
Exploits 1 | References 3

Cvelist
added 2005/07/20 4:0 a.m. | 17 views

CVE-2005-2331

PHP remote file inclusion vulnerability in display.php in MooseGallery allows remote attackers to execute arbitrary PHP code via the type parameter...

AI score 7.6 | EPSS 0.01399
Exploits 1 | References 4

Tenable Nessus
added 2005/07/20 12:0 a.m. | 58 views

SUSE-SA:2005:041: php/pear XML::RPC

The remote host is missing the patch for the advisory SUSE-SA:2005:041 php/pear XML::RPC. A bug in the PEAR::XMLRPC library allowed remote attackers to pass arbitrary PHP code to the eval function. The updated php packages fix the XML::RPC bug, however several third party PHP packages include a...

CVSS 7.5 | AI score 5.7 | EPSS 0.79071
Exploits 5