
55 matches found

Prion
added 2007/10/09 6:17 p.m., 30 views

Command injection

ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it coul...

7.5 CVSS, 7.4 AI score, 0.04782 EPSS
Exploits 1, References 4, Affected Software 1
Packet Storm
added 2007/04/11 12:0 a.m., 19 views

inout-exec.txt

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc4 echo "Usage: php ".$argv0." Site CMD Host: target server ip/hostname Path: path of phpMyNewsletter CMD: a shell command Example: php ".$argv0." localhost /inout/ cat /etc/password"; die; /...

7.4 AI score
Exploits 0
NVD
added 2006/06/19 10:2 a.m., 8 views

CVE-2006-3013

Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null %00 character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could...

5.1 CVSS, 8.1 AI score, 0.0381 EPSS
Exploits 2, References 9
CVE
added 2006/06/19 10:0 a.m., 38 views

CVE-2006-3013

The CVE-2006-3013 issue affects phpBannerExchange (pre-2.0 Update 6 / RC5) where resetpw.php validates email with eregi. A NULL byte (%00) in the email parameter bypasses the regex, allowing SQL injection via a crafted email, enabling password resets and access to user accounts. Proof-of-concept ...

5.1 CVSS, 8.1 AI score, 0.0381 EPSS
Exploits 2, References 9, Affected Software 1
Exploit DB
added 2006/04/13 12:0 a.m., 27 views

SimpleBBS 1.0.6/1.0.7/1.1 - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/17501/info SimpleBBS is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to execute arbitrary PHP commands in the...

7.4 AI score
Exploits 0
Prion
added 2006/04/07 10:4 a.m., 14 views

Design/Logic Flaw

The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php...

7.5 CVSS, 8 AI score, 0.19252 EPSS
Exploits 1, References 6, Affected Software 1
Exploit DB
added 2006/02/11 12:0 a.m., 32 views

HiveMail 1.2.2/1.3 - 'addressbook.update.php?contactgroupid' Arbitrary PHP Command Execution

source: https://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. The PHP code-execution issues are the result of an input-validation error that...

7.4 AI score
Exploits 0
Exploit DB
added 2005/10/27 12:0 a.m., 28 views

ATutor 1.x - 'print.php?section' Remote File Inclusion

source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks. ATutor 1.5.1-pl1 and prior versions are affected...

7.4 AI score
Exploits 0
Packet Storm
added 2005/06/21 12:0 a.m., 17 views

eping.txt

www.RedC0de.org found the following error in eping: Details ------- Advisory name: Arbitrary code execution in eping plugin Advisory number: 1 Application: eping Application author: apnovi3 Security-Risk: high - very high Remote-Exploit: Yes Discovered by: m00fd1 aka Tr|p Introduction ------------...

7.4 AI score
Exploits 0
NVD
added 2005/06/20 4:0 a.m., 7 views

CVE-2005-2014

The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack...

4.6 CVSS, 7.3 AI score, 0.00206 EPSS
Exploits 0, References 2
securityvulns
added 2005/06/10 12:0 a.m., 30 views

Arbitrary code execution in eping plugin

www.RedC0de.org found the following error in eping: Details ------- Advisory name: Arbitrary code execution in eping plugin Advisory number: 1 Application: eping Application author: apnovi3 Security-Risk: high - very high Remote-Exploit: Yes Discovered by: m00fd1 aka Tr|p Introduction ------------...

0.6 AI score
Exploits 0
Tenable Nessus
added 2004/08/20 12:0 a.m., 14 views

PHP 3.0.x < 3.0.17 / 4.0.x < 4.0.3 Error Log Command Injection

Binary data 1480.prm...

10 CVSS, 7.3 AI score, 0.26914 EPSS
Exploits 1, References 2
exploitpack
added 2004/06/07 12:0 a.m., 11 views

PHP 4.3.x - Microsoft Windows Shell Escape functions Command Execution

PHP 4.3.x - Microsoft Windows Shell Escape functions Command Execution source: https://www.securityfocus.com/bid/10471/info PHP is reportedly prone to a command execution vulnerability in its shell escape functions. This issue is due to a failure of PHP to properly sanitize function arguments. Th...

0.2 AI score
Exploits 0
securityvulns
added 2003/07/03 12:0 a.m., 34 views

Greymatter v1.21d: Remote PHP command injection/execution.

Product: Greymatter v1.21d Vendor: Noah Grey - GreySoft Author: FraMe frame at kernelpanik.org URL: http://www.kernelpanik.org CONTENTS 1. Overview 2. Description. 3. How to exploit it? 4. Impact. 5. Patch. 6. Vendor Response 7. Greetings 1. Overview. Greymatter is a news/weblog tool written in...

0.1 AI score
Exploits 0
CVE
added 2001/05/07 4:0 a.m., 41 views

CVE-2001-0043

Affected software: PhpGroupWare (before 0.9.7). The vulnerability allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of phpgw.inc.php, due to an include/file inclusion flaw. The described impact is remote command execution ...

10 CVSS, 7.6 AI score, 0.01938 EPSS
Exploits 1, References 5, Affected Software 1