82 matches found
phpRPC decode function command execution
Added: 03/13/2006 CVE: CVE-2006-1032 BID: 16833 OSVDB: 23514 Background phpRPC is an xmlrpc library written in PHP supporting most databases. Problem A vulnerability in the decode function allows a remote attacker to execute arbitrary PHP commands placed inside a tag. Resolution phpRPC is no long...
phpRPC decode function command execution
Added: 03/13/2006 CVE: CVE-2006-1032 BID: 16833 OSVDB: 23514 Background phpRPC is an xmlrpc library written in PHP supporting most databases. Problem A vulnerability in the decode function allows a remote attacker to execute arbitrary PHP commands placed inside a tag. Resolution phpRPC is no long...
phpRPC decode function command execution
Added: 03/13/2006 CVE: CVE-2006-1032 BID: 16833 OSVDB: 23514 Background phpRPC is an xmlrpc library written in PHP supporting most databases. Problem A vulnerability in the decode function allows a remote attacker to execute arbitrary PHP commands placed inside a tag. Resolution phpRPC is no long...
CVE-2003-1252
register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using ...
Zeroboard < 4.1pl6 Multiple Vulnerabilities - Active Check
Zeroboard is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ATutor 1.x - body_header.inc.php?section Local File Inclusion
ATutor 1.x - bodyheader.inc.php?section Local File Inclusion source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attack...
ATutor 1.x - 'forum.inc.php' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks. ATutor 1.5.1-pl1 and prior versions are affected...
ATutor 1.x - print.php?section Remote File Inclusion
ATutor 1.x - print.php?section Remote File Inclusion source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks. ATuto...
ATutor 1.x - 'body_header.inc.php?section' Local File Inclusion
source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks. ATutor 1.5.1-pl1 and prior versions are affected...
CVE-2005-2540
CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 carriage return in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed...
CVE-2005-2540
CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 carriage return in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed...
CVE-2002-2045
xstatadmin.php in x-stat 2.3 and earlier allows remote attackers to 1 execute PHP commands such as phpinfo or 2 obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message...
CVE-2002-2045
CVE-2002-2045 affects x-stat 2.3 and earlier, via x_stat_admin.php. The flaw allows remote attackers to (1) execute PHP commands (e.g., phpinfo) or (2) reveal the web server’s full path through an invalid action parameter that leaks the pathname in an error message. The NVD CVSS v2 score is 6.4 (...
CVE-2005-2014
The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack...
CVE-2005-0429
Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter...
PHP-Calendar Multiple Script phpc_root_path Parameter Remote File Inclusion
The remote web server is running PHP-Calendar, a web-based calendar written in PHP. The remote version of this software is vulnerable to a file inclusion flaw that could allow an attacker to execute arbitrary PHP commands on the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
CVE-2003-1252
register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using ...
BLNews 2.1.3 - Remote File Inclusion
BLNews 2.1.3 - Remote File Inclusion source: https://www.securityfocus.com/bid/7677/info It has been reported that BLNews is prone to a remote file include vulnerability. This is due to the incorrection initilization of some PHP headers within the application. As a result, an attacker may be...
Ultimate PHP Board 1.9 - 'admin_iplog.php' Arbitrary PHP Execution
source: https://www.securityfocus.com/bid/7678/info A vulnerability has been reported in Ultimate PHP Board. The problem is said to occur due to insufficient sanitization of user-supplied input before including log data into a PHP file. As a result, it may be possible for a remote attacker to...
CVE-2002-2045
xstatadmin.php in x-stat 2.3 and earlier allows remote attackers to 1 execute PHP commands such as phpinfo or 2 obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message...