Lucene search
K

82 matches found

Saint
Saint
added 2006/03/13 12:0 a.m.19 views

phpRPC decode function command execution

Added: 03/13/2006 CVE: CVE-2006-1032 BID: 16833 OSVDB: 23514 Background phpRPC is an xmlrpc library written in PHP supporting most databases. Problem A vulnerability in the decode function allows a remote attacker to execute arbitrary PHP commands placed inside a tag. Resolution phpRPC is no long...

7.5CVSS7.4AI score0.03484EPSS
Exploits6
Saint
Saint
added 2006/03/13 12:0 a.m.29 views

phpRPC decode function command execution

Added: 03/13/2006 CVE: CVE-2006-1032 BID: 16833 OSVDB: 23514 Background phpRPC is an xmlrpc library written in PHP supporting most databases. Problem A vulnerability in the decode function allows a remote attacker to execute arbitrary PHP commands placed inside a tag. Resolution phpRPC is no long...

7.5CVSS7.4AI score0.03484EPSS
Exploits6
Saint
Saint
added 2006/03/13 12:0 a.m.35 views

phpRPC decode function command execution

Added: 03/13/2006 CVE: CVE-2006-1032 BID: 16833 OSVDB: 23514 Background phpRPC is an xmlrpc library written in PHP supporting most databases. Problem A vulnerability in the decode function allows a remote attacker to execute arbitrary PHP commands placed inside a tag. Resolution phpRPC is no long...

7.5CVSS7.4AI score0.03484EPSS
Exploits6
Cvelist
Cvelist
added 2005/11/16 7:37 a.m.18 views

CVE-2003-1252

register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using ...

7.6AI score0.0309EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.28 views

Zeroboard < 4.1pl6 Multiple Vulnerabilities - Active Check

Zeroboard is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.6AI score0.04427EPSS
Exploits2References3
exploitpack
exploitpack
added 2005/10/27 12:0 a.m.20 views

ATutor 1.x - body_header.inc.php?section Local File Inclusion

ATutor 1.x - bodyheader.inc.php?section Local File Inclusion source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attack...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/10/27 12:0 a.m.24 views

ATutor 1.x - &#039;forum.inc.php&#039; Arbitrary Command Execution

source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks. ATutor 1.5.1-pl1 and prior versions are affected...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2005/10/27 12:0 a.m.15 views

ATutor 1.x - print.php?section Remote File Inclusion

ATutor 1.x - print.php?section Remote File Inclusion source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks. ATuto...

7.5AI score
Exploits0
Exploit DB
Exploit DB
added 2005/10/27 12:0 a.m.35 views

ATutor 1.x - &#039;body_header.inc.php?section&#039; Local File Inclusion

source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks. ATutor 1.5.1-pl1 and prior versions are affected...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2005/08/10 4:0 a.m.25 views

CVE-2005-2540

CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 carriage return in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed...

7.9AI score0.06102EPSS
Exploits1References6
NVD
NVD
added 2005/08/10 4:0 a.m.23 views

CVE-2005-2540

CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 carriage return in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed...

5CVSS7.9AI score0.06102EPSS
Exploits1References6
Cvelist
Cvelist
added 2005/07/14 4:0 a.m.16 views

CVE-2002-2045

xstatadmin.php in x-stat 2.3 and earlier allows remote attackers to 1 execute PHP commands such as phpinfo or 2 obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message...

7.2AI score0.01712EPSS
Exploits1References7
CVE
CVE
added 2005/07/14 4:0 a.m.40 views

CVE-2002-2045

CVE-2002-2045 affects x-stat 2.3 and earlier, via x_stat_admin.php. The flaw allows remote attackers to (1) execute PHP commands (e.g., phpinfo) or (2) reveal the web server’s full path through an invalid action parameter that leaks the pathname in an error message. The NVD CVSS v2 score is 6.4 (...

6.4CVSS7.6AI score0.01712EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2005/06/20 4:0 a.m.24 views

CVE-2005-2014

The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack...

7.3AI score0.00653EPSS
Exploits0References2
Cvelist
Cvelist
added 2005/02/15 5:0 a.m.26 views

CVE-2005-0429

Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter...

7.7AI score0.01934EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/12/29 12:0 a.m.77 views

PHP-Calendar Multiple Script phpc_root_path Parameter Remote File Inclusion

The remote web server is running PHP-Calendar, a web-based calendar written in PHP. The remote version of this software is vulnerable to a file inclusion flaw that could allow an attacker to execute arbitrary PHP commands on the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

7.5CVSS6AI score0.15469EPSS
Exploits3References4
NVD
NVD
added 2003/12/31 5:0 a.m.14 views

CVE-2003-1252

register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using ...

7.5CVSS7.6AI score0.0309EPSS
Exploits1References6
exploitpack
exploitpack
added 2003/05/24 12:0 a.m.10 views

BLNews 2.1.3 - Remote File Inclusion

BLNews 2.1.3 - Remote File Inclusion source: https://www.securityfocus.com/bid/7677/info It has been reported that BLNews is prone to a remote file include vulnerability. This is due to the incorrection initilization of some PHP headers within the application. As a result, an attacker may be...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2003/05/24 12:0 a.m.32 views

Ultimate PHP Board 1.9 - &#039;admin_iplog.php&#039; Arbitrary PHP Execution

source: https://www.securityfocus.com/bid/7678/info A vulnerability has been reported in Ultimate PHP Board. The problem is said to occur due to insufficient sanitization of user-supplied input before including log data into a PHP file. As a result, it may be possible for a remote attacker to...

7.4AI score
Exploits0
NVD
NVD
added 2002/12/31 5:0 a.m.14 views

CVE-2002-2045

xstatadmin.php in x-stat 2.3 and earlier allows remote attackers to 1 execute PHP commands such as phpinfo or 2 obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message...

6.4CVSS7.2AI score0.01712EPSS
Exploits1References7
Rows per page
Query Builder