CVE-2006-5733
CVE-2006-5733 : A directory traversal/remote local file inclusion flaw in PostNuke ≤0.763 (error.php) allows an attacker to cause arbitrary local file inclusion by placing PHP sequences in the PNSVlang cookie, which gets written into Apache logs and later included by error.php. Affected product/v...
JAFCMS-4.0.txt
Hacker: NanoyMaster. Exploit: JAF CMS. Version: 4.0 RC1. Vulnerabilities: XSS in shoutbox, PHP execution, XSS in forum. \m/Props\m/ z3r0phr34k SystemMeltdown THK-GEO & THK-h3x All of Exploitarians...
JAF CMS 4.0 RC1 multiple vulnerabilities
Hacker: NanoyMaster. Exploit: JAF CMS. Version: 4.0 RC1. Vulnerabilities: XSS in shoutbox, PHP execution, XSS in forum. \m/Props\m/ z3r0phr34k SystemMeltdown THK-GEO & THK-h3x All of Exploitarians...
PT-2006-4555 · Codeworks · Codeworks Gnomedia Subberz[Lite]
Name of the Vulnerable Software and Affected Versions: Codeworks Gnomedia SubberZLite (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the myadmindir parameter in the user-func.php file. However, a third party has disputed...
PT-2006-3280 · Ispconfig · Ispconfig
Name of the Vulnerable Software and Affected Versions: ISPConfig versions 2.2.2 and earlier. Description: A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the go infoserverclasses root parameter. The vendor has disputed this issue, stating that the affected...
Code injection
Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection...
Q-News 2.0 - Remote File Inclusion
Q-News 2.0 - Remote File Inclusion source: https://www.securityfocus.com/bid/15576/info Q-News is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remot...
CVE-2005-3767
Exponent CMS 0.96.3 and later versions do not properly restrict the types of uploaded files, which allows remote attackers to upload and execute PHP files...
CVE-2005-2686
CVE-2005-2686 describes a directory traversal vulnerability in SaveWebPortal 3.4. Remote attackers can cause arbitrary file inclusion and execute local PHP programs by supplying ".." sequences in the SITE_Path parameter to menu_dx.php or the CONTENTS_Dir parameter to menu_sx.php. Affected softwar...
PHP Execution Vulnerability in CuteNews
There is a vulnerability in the latest and, to the best of my knowledge, all prior versions of CuteNews from CutePHP.com. CuteNews does not properly sanitize user input when an administrative account edits the template files. CuteNews takes HTML code from a web form and outputs it to a template fi...
GLSA-200503-04 : phpWebSite: Arbitrary PHP execution and path disclosure
The remote host is affected by the vulnerability described in GLSA-200503-04 (phpWebSite: Arbitrary PHP execution and path disclosure). NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable ...
phpWebSite: Arbitrary PHP execution and path disclosure
Background: phpWebSite provides a complete web site content management system. Description: NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable to a path disclosure. Impact: A remote...
cutenews.txt
cutenews 1.3.6: Remote XSS && Local Code Execution. FraMe - frame at kernelpanik.org http://www.kernelpanik.org. cutenews is a script...
CVE-2004-1426
Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. (dot dot) sequences in the lng parameter...
ZeroBoard Multiple Scripts dir Parameter Remote File Inclusion
The remote host runs Zeroboard, a web BBS application popular in Korea. The remote version of this CGI is vulnerable to multiple flaws which may allow an attacker to execute arbitrary PHP commands on the remote host by including a PHP file hosted on a third-party server, or to read arbitrary file...
CVE-2004-2256
Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang language variable...
phpBB 2.0.x - admin_cash.php PHP Remote File Inclusion
phpBB 2.0.x - admin_cash.php PHP Remote File Inclusion. Source: https://www.securityfocus.com/bid/11701/info. A vulnerability is reported to exist in the phpBB CashMod module that may allow an attacker to include malicious PHP files containing arbitrary code to be executed on a vulnerable system...
phpBB Code EXEC (v2.0.10)
http://www.howdark.com // Information...
phpMyAdmin257.txt
Software : phpMyAdmin Version : 2.5.7 Vulnerability : php codes injection Problem-Type : remote user phpMyAdmin is web-based mysql administration written in PHP. There is a vulnerability in phpMyAdmin version 2.5.7. This vulnerability would allow remote user to inject php codes to be executed by...
CVE-2004-0490
cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code...