7211 matches found

CVE
added 2005/04/21 4:00 a.m. | 119 views

CVE-2001-1468

CVE-2001-1468 describes a PHP remote file inclusion in phpSecurePages where checklogin.php (and related components) allows arbitrary code execution if an attacker modifies the cfgProgDir parameter to reference a URL on a remote server. Connected advisories reiterate a code-execution vulner...

7.5 CVSS | 7.6 AI score | 0.01858 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2005/04/21 4:00 a.m. | 47 views

CVE-2001-1471

CVE-2001-1471 affects phpBB versions 1.4.0 and earlier. The root cause is an invalid language value in prefs.php (and related auth.php handling) that can let a remote authenticated user modify variables (e.g., $l_statsblock, $l_privnotify) and later use them in an eval, enabling arbitrary PHP cod...

8.8 CVSS | 7.6 AI score | 0.07702 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2005/04/18 4:00 a.m. | 16 views

CVE-2005-1169

Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php...

7.6 AI score | 0.01532 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2005/04/01 12:00 a.m. | 21 views

GLSA-200503-35 : Smarty: Template vulnerability

The remote host is affected by the vulnerability described in GLSA-200503-35 (Smarty: Template vulnerability). A vulnerability has been discovered within the regex_replace modifier of the Smarty templates when allowing access to untrusted users. Furthermore, it was possible to call functions from if...

7.5 CVSS | 6 AI score | 0.01532 EPSS
Exploits: 0 | References: 3
Gentoo Linux
added 2005/03/30 12:00 a.m. | 28 views

Smarty: Template vulnerability

Background: Smarty is a template engine for PHP. The "template security" feature of Smarty is designed to help reduce the risk of a system compromise when you have untrusted parties editing templates. Description: A vulnerability has been discovered within the regex_replace modifier of the Smarty...

7.5 CVSS | 7.2 AI score | 0.01532 EPSS
Exploits: 0
NVD
added 2005/03/29 5:00 a.m. | 13 views

CVE-2005-0931

PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 allows remote attackers to execute arbitrary PHP code...

7.5 CVSS | 7.5 AI score | 0.02137 EPSS
Exploits: 0 | References: 1
Cvelist
added 2005/03/29 5:00 a.m. | 20 views

CVE-2005-0909

PHP remote file inclusion vulnerability in shoutact.php for TKai's Shoutbox allows remote attackers to execute arbitrary PHP code via the query parameter...

7.6 AI score | 0.01488 EPSS
Exploits: 0 | References: 3
CVE
added 2005/03/29 5:00 a.m. | 56 views

CVE-2005-0913

Smarty vulnerability CVE-2005-0913 affects the regex_replace modifier in Smarty versions before 2.6.8, enabling attackers to execute arbitrary PHP code. The Gentoo GLSA and related open-source advisories describe a remote code execution risk via the template engine’s regex_replace modifier when u...

7.5 CVSS | 7.2 AI score | 0.01532 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2005/03/26 5:00 a.m. | 21 views

CVE-2005-0887

Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement...

7.8 AI score | 0.02737 EPSS
Exploits: 0 | References: 4
Debian CVE
added 2005/03/26 5:00 a.m. | 16 views

CVE-2005-0887

Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement...

7.5 CVSS | 7.9 AI score | 0.02737 EPSS
Exploits: 0
exploitpack
added 2005/03/24 12:00 a.m. | 18 views

Double Choco Latte 0.9.3/0.9.4 - main.php Arbitrary PHP Code Execution

Double Choco Latte 0.9.3/0.9.4 - main.php Arbitrary PHP Code Execution. Source: https://www.securityfocus.com/bid/12894/info Double Choco Latte is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry...

0.7 AI score
Exploits: 0
securityvulns
added 2005/03/24 12:00 a.m. | 32 views

[SA14688] Double Choco Latte Cross-Site Scripting and PHP Code Execution

TITLE: Double Choco Latte Cross-Site Scripting and PHP Code...

1.4 AI score
Exploits: 0
Exploit DB
added 2005/03/24 12:00 a.m. | 29 views

Double Choco Latte 0.9.3/0.9.4 - 'main.php' Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/12894/info Double Choco Latte is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting/HTML injection attacks and execute arbitrary...

7.4 AI score
Exploits: 0
Cvelist
added 2005/03/20 5:00 a.m. | 14 views

CVE-2005-0800

PHP remote file inclusion vulnerability in install.php in mcNews 1.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the l parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2005-0720...

7.5 AI score | 0.02957 EPSS
Exploits: 1 | References: 5
securityvulns
added 2005/03/18 12:00 a.m. | 27 views

PHP mcNews arbitrary file inclusion

BadRoot Security Advisory 2005-0x01 Thu Mar 17 2005 - 00:46 am GMT +1 Product: mcNews =1.3 successfully exploited on 1.3 Vendor: http://www.phpforums.net/index.php?dir=dld Home Page Type: Arbitrary fil...

0.3 AI score
Exploits: 0
Tenable Nessus
added 2005/03/18 12:00 a.m. | 25 views

paNews 2.0.4b Multiple Input Validation Vulnerabilities

The remote host is running a version of paNews that suffers from the following vulnerabilities: - SQL Injection Issue in the 'login' method of includes/auth.php. A remote attacker can leverage this vulnerability to add users with arbitrary privileges. - Local Script Injection Vulnerability in...

7.5 CVSS | 6.3 AI score | 0.0415 EPSS
Exploits: 0 | References: 4
Cvelist
added 2005/03/09 5:00 a.m. | 15 views

CVE-2005-0698

PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) GPATH parameter to init.inc.php or the (2) PATH parameter to index.php to reference a URL on a remote web server that contains the code...

7.6 AI score | 0.08072 EPSS
Exploits: 0 | References: 2
CVE
added 2005/03/04 5:00 a.m. | 45 views

CVE-2005-0645

CVE-2005-0645 describes a cross-site scripting (XSS) vulnerability in CuteNews 1.3.6. The flaw allows an attacker to inject arbitrary HTML, web script, and PHP code via the CLIENT-IP or X-FORWARDED-FOR headers in an HTTP POST to show_news.php. Affected component is show.inc.php in CuteNews 1.3.6....

4.3 CVSS | 6.2 AI score | 0.00938 EPSS
Exploits: 0 | References: 2
CVE
added 2005/03/04 5:00 a.m. | 58 views

CVE-2005-0647

The CVE-2005-0647 entry concerns paNews 2.0.4b. Vulnerability: in admin_setup.php, remote attackers can inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. This is a local script injection affecting paNews’s configuration fi...

5 CVSS | 7 AI score | 0.0415 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2005/03/04 5:00 a.m. | 27 views

CVE-2005-0647

admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php...

7 AI score | 0.0415 EPSS
Exploits: 0 | References: 2