
7211 matches found

CVE
added 2004/09/01 4:0 a.m. | 61 views

CVE-2002-1211

Prometheus 6.0 and earlier is vulnerable to remote PHP code execution via a tainted PROMETHEUS_LIBRARY_BASE that can be set to a remote server and loaded by index.php, install.php, or test_*.php. The underlying flaw is the conditional inclusion of files (autoload.lib, prometheus-lib.path) based o...

CVSS 7.5 | AI score 7.4 | EPSS 0.0284
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2004/09/01 4:0 a.m. | 26 views

CVE-2002-1113

summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code...

AI score 7.5 | EPSS 0.03267
Exploits: 1 | References: 6
Cvelist
added 2004/09/01 4:0 a.m. | 21 views

CVE-2002-1435

class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code...

AI score 7.5 | EPSS 0.0684
Exploits: 1 | References: 4
Tenable Nessus
added 2004/08/25 12:0 a.m. | 25 views

PHP Code Snippet Library index.php Multiple Parameter XSS

The remote host is running PHP Code Snippet Library PHP-CSL, a library written in PHP. The remote version of this software fails to sanitize input to the 'catselect' parameter of the 'index.php' script. This can be used to take advantage of the trust between a client and server allowing the...

CVSS 4.3 | AI score 5.8 | EPSS 0.03596
Exploits: 1 | References: 2
Tenable Nessus
added 2004/08/22 12:0 a.m. | 18 views

Gallery save_photos.php Arbitrary Command Execution

The version of Gallery hosted on the remote web server is affected by an arbitrary command execution vulnerability. This could allow an attacker to execute arbitrary commands on the remote host by uploading a file containing arbitrary PHP code. When the temp directory is web accessible, the...

CVSS 7.5 | AI score 6.6 | EPSS 0.05233
Exploits: 1 | References: 4
securityvulns
added 2004/08/22 12:0 a.m. | 39 views

Mantis Bugtracker Remote PHP Code Execution Vulnerability

--------------------------------------------------------------------------- Mantis Bugtracker Remote PHP Code Execution Vulnerability --------------------------------------------------------------------------- Author: Joxean Koret Date: 08-01-2004 Location: Basque Country...

AI score 1.3
Exploits: 0
Tenable Nessus
added 2004/08/20 12:0 a.m. | 11 views

Coppermine Gallery < 1.1 Beta 2 PHP Code Execution (deprecated)

Binary data 1567.prm...

AI score 7.3
Exploits: 0
Tenable Nessus
added 2004/08/20 12:0 a.m. | 18 views

PHP Code Snippet Library 'index.php' XSS

Binary data 2149.prm...

CVSS 4.3 | AI score 7.3 | EPSS 0.03596
Exploits: 1 | References: 2
securityvulns
added 2004/08/19 12:0 a.m. | 1040 views

[UNIX] YaPiG add_comment.php PHP Code Injection

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

AI score 0.1
Exploits: 0
NVD
added 2004/08/18 4:0 a.m. | 35 views

CVE-2004-0490

cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code...

CVSS 7.2 | AI score 7 | EPSS 0.04466
Exploits: 1 | References: 7
Tenable Nessus
added 2004/08/18 12:0 a.m. | 15 views

trixbox Dashboard user/index.php langChoice Parameter Local File Inclusion

Binary data 4577.prm...

CVSS 6.8 | AI score 7.3 | EPSS 0.20271
Exploits: 2 | References: 3
Tenable Nessus
added 2004/08/18 12:0 a.m. | 20 views

Serendipity <= 1.0-beta2 Blog Configuration PHP Code Injection

Binary data 3518.prm...

CVSS 7.5 | AI score 7.3 | EPSS 0.01423
Exploits: 1 | References: 2
Gentoo Linux
added 2004/07/29 12:0 a.m. | 37 views

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a popular, web-based MySQL administration tool written in PHP. It allows users to administer a MySQL database from a web-browser. Description Two serious vulnerabilities exist in phpMyAdmin. The first allows any user to alter the server configuration variables including...

CVSS 7.5 | AI score 2.9 | EPSS 0.09353
Exploits: 2
exploitpack
added 2004/07/04 12:0 a.m. | 23 views

phpMyAdmin 2.5.7 - Remote code Injection

phpMyAdmin 2.5.7 - Remote code Injection / phpmy-explt.c written by Nasir Simbolon eagle kecapi com Jakarta, Indonesia June, 10 2004 A phpMyAdmin-2.5.7 exploite program. This is a kind of mysql server wrapper acts like a proxy except that it will sends a fake table name, when client query "SHOW...

Exploits: 0
securityvulns
added 2004/06/30 12:0 a.m. | 47 views

php codes injection in phpMyAdmin version 2.5.7.

Software : phpMyAdmin Version : 2.5.7 Vulnerability : php codes injection Problem-Type : remote user phpMyAdmin is web-based mysql administration written in PHP. There is a vulnerability in phpMyAdmin version 2.5.7. This vulnerability would allow remote user to inject php codes to be executed by...

AI score 7.1
Exploits: 0
phpMyAdmin
added 2004/06/29 12:0 a.m. | 32 views

When faking table with specific name, an attacker can make phpMyAdmin to execute arbitrary php code and add custom server configuration.

PMASA-2004-1 Announcement-ID: PMASA-2004-1 Date: 2004-06-29 Summary When faking table with specific name, an attacker can make phpMyAdmin to execute arbitrary php code and add custom server configuration. Description phpMyAdmin used eval function to fill some values and one parameter used there w...

CVSS 7.5 | AI score 6.1 | EPSS 0.09353
Exploits: 1 | Affected Software: 1
Exploit DB
added 2004/05/29 12:0 a.m. | 197 views

e107 website system 0.6 - 'usersettings.php?avmsg' Cross-Site Scripting

source: https://www.securityfocus.com/bid/10436/info e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execut...

AI score 7.4
Exploits: 0
exploitpack
added 2004/05/29 12:0 a.m. | 12 views

e107 website system 0.6 - email article to a friend Feature Cross-Site Scripting

e107 website system 0.6 - email article to a friend Feature Cross-Site Scripting source: https://www.securityfocus.com/bid/10436/info e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties ...

AI score 6.7
Exploits: 0
Packet Storm
added 2004/04/17 12:0 a.m. | 35 views

gemitelv3.txt

--------------------------------------------------------------------------------------------- GEMITEL V 3 build 50 :: include vulnerability URL : http://www.isesam.com/ FORUM : http://www.isesam.com/forums/gemitel/threadopen.shtml Vendor has been contacted. Description : --------------- Gemitel i...

AI score 7.4
Exploits: 0
NVD
added 2004/03/15 5:0 a.m. | 19 views

CVE-2004-1820

PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php...

CVSS 7.5 | AI score 7.7 | EPSS 0.02981
Exploits: 1 | References: 5