Lucene search

7211 matches found

CVE
added 2005/02/20 5:0 a.m. | 56 views

CVE-2004-1573

The CVE-2004-1573 entry concerns AJ-Fork 167 where insecure file permissions on users.db.php (set to 777) allow local users to execute arbitrary PHP code and gain administrator privileges. The vulnerability’s impact is (local) arbitrary code execution with full privileges as described; exploitati...

7.2 CVSS | 7.8 AI score | 0.00464 EPSS
Exploits: 1 | References: 5 | Affected Software: 2
CVE
added 2005/02/19 5:0 a.m. | 51 views

CVE-2004-1505

Technical details (affected product/component/versions/root cause) are not publicly provided in the supplied Connected documents. Monitor for updates to confirm scope, impact, and remediation for CVE-2004-1505.

7.5 CVSS | 7.6 AI score | 0.01996 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
securityvulns
added 2005/02/15 12:0 a.m. | 29 views

vbulletin 3.0.x PHP code execution

Vulnerable Systems: vBulletin version 3.0 up to and including version 3.0.4. Immune systems: vBulletin version 3.0.5, vBulletin version 3.0.6. Vulnerable code in forumdisplay.php: if $vboptions'showforumusers' . . . . if $bbuserinfo'userid' . . . . $comma = ', ';...

1.4 AI score
Exploits: 0
Cvelist
added 2005/02/12 5:0 a.m. | 19 views

CVE-2004-1423

Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpcrootpath parameter to (1) includes/calendar.ph...

7.6 AI score | 0.15469 EPSS
Exploits: 3 | References: 12
Cvelist
added 2005/02/10 5:0 a.m. | 24 views

CVE-2005-0268

Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the urlavatar field...

7.8 AI score | 0.01532 EPSS
Exploits: 0 | References: 3
Cvelist
added 2005/02/10 5:0 a.m. | 23 views

CVE-2005-0327

pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php...

7.5 AI score | 0.01909 EPSS
Exploits: 0 | References: 2
securityvulns
added 2005/01/25 12:0 a.m. | 42 views

Multiple vulnerabilities in MercuryBoard 1.1.1

CODEBUG Labs Advisory 7 Title: Multiple vulnerabilities in MercuryBoard 1.1.1 Author: Alberto Trivero English Version: Alberto Trivero Product: MercuryBoard 1.1.1 Type: Multiple Vulnerabilities Web: http://www.codebug.org/ -- Software Page www.mercuryboard.com "MercuryBoard is a powerful message...

Exploits: 0
Tenable Nessus
added 2005/01/04 12:0 a.m. | 13 views

FlatNuke index.php url_avatar Field Arbitrary PHP Code Execution

The remote host is running FlatNuke, a content management system written in PHP and using flat files rather than a database for its storage. The remote version of this software has a form submission vulnerability that may allow an attacker to execute arbitrary PHP commands on the remote host...

7.5 CVSS | 6 AI score | 0.01727 EPSS
Exploits: 1 | References: 3
securityvulns
added 2005/01/02 12:0 a.m. | 24 views

Cross Site Scripting Vulnerabilities and Possible Code Execution in SugarCRM

Cross Site Scripting Vulnerabilities and Possible Code Execution in SugarCRM. Author: Jose Antonio Coret Joxean Koret Date: 2004 Location: Basqu...

0.4 AI score
Exploits: 0
NVD
added 2004/12/31 5:0 a.m. | 11 views

CVE-2004-1421

Multiple PHP remote file inclusion vulnerabilities in (1) stepone.php, (2) steponetables.php, (3) steptwotables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the serverinc parameter to reference a URL on a remote web server that contains the cod...

7.5 CVSS | 7.7 AI score | 0.0423 EPSS
Exploits: 3 | References: 9
NVD
added 2004/12/31 5:0 a.m. | 20 views

CVE-2004-1505

Directory traversal vulnerability in index.php in Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. (dot dot) in the show parameter...

7.5 CVSS | 7.2 AI score | 0.01996 EPSS
Exploits: 1 | References: 5
NVD
added 2004/12/31 5:0 a.m. | 19 views

CVE-2004-1746

Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) catselect or (2) show parameters...

4.3 CVSS | 5.9 AI score | 0.03596 EPSS
Exploits: 1 | References: 5
NVD
added 2004/12/31 5:0 a.m. | 10 views

CVE-2004-2138

Cross-site scripting (XSS) vulnerability in AWSguest.php in AllWebScripts MySQLGuest allows remote attackers to inject arbitrary HTML and PHP code via the (1) Name, (2) Email, (3) Homepage or (4) Comments field...

6.8 CVSS | 6 AI score | 0.01473 EPSS
Exploits: 1 | References: 4
NVD
added 2004/12/31 5:0 a.m. | 17 views

CVE-2004-2157

Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field...

4.3 CVSS | 6.1 AI score | 0.02013 EPSS
Exploits: 1 | References: 5
NVD
added 2004/12/31 5:0 a.m. | 14 views

CVE-2004-2740

PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the pathpre parameter...

4.3 CVSS | 7 AI score | 0.01474 EPSS
Exploits: 0 | References: 7
Gentoo Linux
added 2004/12/30 12:0 a.m. | 27 views

PHProjekt: Remote code execution vulnerability

Background: PHProjekt is a modular groupware web application used to coordinate group activities and share files. Description: cYon discovered that the authform.inc.php script allows a remote user to define the global variable $pathpre. Impact: A remote attacker can exploit this vulnerability to for...

4.1 AI score
Exploits: 0
CVE
added 2004/12/15 5:0 a.m. | 75 views

CVE-2004-1227

CVE-2004-1227 affects SugarCRM Sugar Sales 2.0.1c and earlier. The vulnerability is a directory traversal flaw allowing remote attackers to read arbitrary files and potentially execute PHP code via dot-dot sequences in several parameters to index.php and Login.php (and possibly other scripts). Ro...

10 CVSS | 7.5 AI score | 0.04155 EPSS
Exploits: 2 | References: 4 | Affected Software: 1
Packet Storm
added 2004/10/01 12:0 a.m. | 52 views

alexPHP.txt

Informations : Website : http://www.alexphpteam.com Version : all Problem : Include file PHP Code/Location : ./include/livreinclude.php if !$noconnect.... some include functions...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2004/09/29 12:0 a.m. | 32 views

Debian DSA-346-1 : phpsysinfo - directory traversal

Albert Puigsech Galicia reported that phpsysinfo, a web-based program to display status information about the system, contains two vulnerabilities which could allow local files to be read, or arbitrary PHP code to be executed, under the privileges of the web server process (usually www-data). These...

3.6 CVSS | 5.5 AI score | 0.01473 EPSS
Exploits: 1 | References: 3
CVE
added 2004/09/01 4:0 a.m. | 53 views

CVE-2002-1113

CVE-2002-1113 affects Mantis Control/issue tracker: summary_graph_functions.php in Mantis ≤ 0.17.3 allows remote code execution by altering g_jpgraph_path to point to PHP code. The root cause is the g_jpgraph_path parameter not being validated, enabling an attacker to reference arbitrary PHP as c...

7.5 CVSS | 7.5 AI score | 0.03267 EPSS
Exploits: 1 | References: 6 | Affected Software: 1