[SA15862] Serendipity XML-RPC Unspecified PHP Code Execution Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

CVE-2005-2086

PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code...

[Full-disclosure] [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue

---------------------------------------------------------------------------- Drupal security advisory DRUPAL-SA-2005-003 ---------------------------------------------------------------------------- Advisory ID: DRUPAL-SA-2005-003 Date: 2005-jun-29 Security risk: highly critical Impact: system...

[SA15855] PostNuke XML-RPC Library PHP Code Execution Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

[SA15864] Comdev News Publisher Cross-Site Scripting and PHP Code Execution

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

[Full-disclosure] [DRUPAL-SA-2005-002] Drupal 4.6.2 / 4.5.4 fixes input validation issue

---------------------------------------------------------------------------- Drupal security advisory DRUPAL-SA-2005-002 ---------------------------------------------------------------------------- Advisory ID: DRUPAL-SA-2005-002 Date: 2005-jun-29 Security risk: highly critical Impact: system...

pear-XML_RPC -- arbitrary remote code execution

GulfTech Security Research Team reports: PEAR XMLRPC is vulnerable to a very high risk php code injection vulnerability due to unsanatized data being passed into an eval call...

phpBB 2.0.15 (highlight) Remote PHP Code Execution

No description provided by source. tested and working /str0ke !/usr/bin/pyth0n this exploit for phpBB 2.0.15 print "\nphpBB 2.0.15 arbitrary command execution eXploit" emulates a shell, print " 2005 by [email protected]" rather than print " well, just because there is none." sending a singl...

Re: [Full-disclosure] Security Advisory - phpBB 2.0.15 PHP-code injection bug

On 28 Jun ‘05, at 14:47, ronvdaal wrote: Proof of concept: http://some.forum/viewtopic.php?p=postnum&highlight='.dieomghax.' Uh, whoops. Another suggested solution: Remove the highlight handling code in viewtopic.php or replace it with something that does not use the /e flag to pregreplace. As it...

Security Advisory - phpBB 2.0.15 PHP-code injection bug

Security Advisory -//- phpBB 2.0.15 PHP-code injection bug Program: phpBB 2.0.15 and older versions Homepage: http://www.phpbb.com Risk: Very High Date: June 28 2005 Title: PHP-code injection bug Type: partial disclosure Author: Ron van Daal :. Vendor notified: June 23 2005 Background: phpBB is a...

CVE-2005-1524

PHP file inclusion vulnerability in topgraphheader.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the configlibrarypath parameter...

CVE-2005-1524

PHP file inclusion vulnerability in topgraphheader.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the configlibrarypath parameter...

DEBIAN-CVE-2005-1524

PHP file inclusion vulnerability in topgraphheader.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the configlibrarypath parameter...

CVE-2005-1526

PHP remote file inclusion vulnerability in configsettings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the configincludepath parameter...

[Full-disclosure] iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti config_settings.php Remote Code Execution Vulnerability

Multiple Vendor Cacti configsettings.php Remote Code Execution Vulnerability iDEFENSE Security Advisory 06.22.05 www.idefense.com/application/poi/display?id=266&type=vulnerabilities June 22, 2005 I. BACKGROUND Cacti is a round-robin database RRD tool that helps create graphs from database...

CVE-2002-1704

Zeroboard 4.1, when the "allowurlfopen" and "registerglobals" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the zbpath parameter to reference a URL on a remote web server that contains the code...

CVE-2002-1707

install.php in phpBB 2.0 through 2.0.1, when "allowurlfopen" and "registerglobals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbbrootdir parameter to reference a URL on a remote web server that contains the code...

cuteNewsExec.txt

There is a vulnerability in the latest and to the best of my knowledge, all prior versions of CuteNews from CutePHP.com. CuteNews does not properly sanitize user input when an administrative account edits the template files. CuteNews takes HTML code from a web form and outputs it to a template fi...

Vulnerability: Bitrix Php inclusion

Vendor: Bitrix Product: Bitrix Site Manager 4.0.x Vulnerability: php including. Consequence: custom php code execution on server Risk: Critical Description: Due to unfiltered SERVERDOCUMENTROOT variable in file “bitrixmodulesmainstart.php”, hacker can upload php script from other server and execu...

CVE-2005-1868

I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension...