422 matches found
[SECURITY] [DSA 419-1] New phpgroupware packages fix unintended PHP execution and SQL injection
Debian Security Advisory DSA 419-1 [email protected] http://www.debian.org/security/ Martin Schulze January 9th, 2003 http://www.debian.org/security/faq ...
[Full-Disclosure] [SECURITY] [DSA 419-1] New phpgroupware packages fix unintended PHP execution and SQL injection
Debian Security Advisory DSA 419-1 [email protected] http://www.debian.org/security/ Martin Schulze January 9th, 2003 http://www.debian.org/security/faq ...
EasyDynamicPages 1.0 - config_page.php PHP Remote File Inclusion
EasyDynamicPages 1.0 - config_page.php PHP Remote File Inclusion source: https://www.securityfocus.com/bid/9338/info EasyDynamicPages is prone to a remote file include vulnerability in a configuration script. This will permit a remote attacker to include malicious PHP scripts from remote servers,...
CVE-2003-1459
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php...
MoreGroupWare 0.6.8 - WEBMAIL2_INC_DIR Remote File Inclusion
source: https://www.securityfocus.com/bid/8249/info moregroupware is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Remote users, under some PHP configurations, may influence a moregroupware URI variable. This variable is used in the includ...
Zentrack 2.22.32.4 - index.php Remote File Inclusion
Zentrack 2.22.32.4 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/7843/info A remote file include vulnerability has been reported for Zentrack. Due to insufficient sanitization of some user-supplied variables by the 'index.php' script, it is possible for a remote...
Cafelog b2 0.6 - Remote File Inclusion
source: https://www.securityfocus.com/bid/7738/info A remote file include vulnerability has been reported for Cafelog. Due to insufficient sanitization of some user-supplied variables by the 'blogger-2-b2.php' and 'gm-2-b2.php' scripts, it is possible for a remote attacker to include a malicious...
UPB: Discussion Board/Web-Site Takeover
topic: UPB: Discussion Board/Web-Site Takeover product: Ultimate PHP Board v1.9 latest vendor: www.myupb.com risk: high date: 05/24/2k3 discovered by: euronymous /F0KP advisory urls: http://f0kp.iplus.ru/bz/024.en.txt...
BLNews 2.1.3 - Remote File Inclusion
source: https://www.securityfocus.com/bid/7677/info It has been reported that BLNews is prone to a remote file include vulnerability. This is due to the incorrect initialization of some PHP headers within the application. As a result, an attacker may be capable of executing arbitrary PHP comman...
Ultimate PHP Board 1.9 - admin_iplog.php Arbitrary PHP Execution
Ultimate PHP Board 1.9 - admin_iplog.php Arbitrary PHP Execution source: https://www.securityfocus.com/bid/7678/info A vulnerability has been reported in Ultimate PHP Board. The problem is said to occur due to insufficient sanitization of user-supplied input before including log data into a PHP...
Ultimate PHP Board 1.9 - 'admin_iplog.php' Arbitrary PHP Execution
source: https://www.securityfocus.com/bid/7678/info A vulnerability has been reported in Ultimate PHP Board. The problem is said to occur due to insufficient sanitization of user-supplied input before including log data into a PHP file. As a result, it may be possible for a remote attacker to...
Coppermine Photo Gallery remote compromise
---AFFECTED SOFTWARE--- From the website, http://www.chezgreg.net/coppermine/: "Coppermine Photo Gallery is a picture gallery script. Users can upload pictures with a web browser thumbnails are created on the fly, add comments, send e-cards and view statistics about the pictures. " "The script us...
Coppermine Photo Gallery 1.0 - PHP Code Injection
Coppermine Photo Gallery 1.0 - PHP Code Injection source: https://www.securityfocus.com/bid/7300/info Coppermine Photo Gallery has been reported prone to PHP code injection attacks. Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo...
Cedric Email Reader 0.20.3 - Skin Configuration Script Remote File Inclusion
Cedric Email Reader 0.20.3 - Skin Configuration Script Remote File Inclusion source: https://www.securityfocus.com/bid/6818/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is...
S8Forum 3.0 - Remote Command Execution
S8Forum 3.0 - Remote Command Execution source: https://www.securityfocus.com/bid/6547/info S8Forum is prone to a remote command execution vulnerability. When a user registers with the forum, a file is created locally with the specified username. The contents of this file will be the data entered ...
CVE-2002-1841
The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4...
iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection
iDEFENSE Security Advisory 10.31.02b: http://www.idefense.com/advisory/10.31.02b.txt Prometheus Application Framework Code Injection October 31, 2002 I. BACKGROUND Jason Orcutt's Prometheus is a web application framework written in PHP. It is availabl...
VBZoom 1.0 - Arbitrary File Upload
VBZoom 1.0 - Arbitrary File Upload source: https://www.securityfocus.com/bid/5926/info It has been reported that VBZoom 1.01 may allow attackers to upload arbitrary files to a vulnerable system. The vulnerability is the result of VBZoom failing to properly validate the types of files that are...
WikkiTikkiTavi 0.x - Remote File Inclusion
source: https://www.securityfocus.com/bid/3946/info WikkiTikkiTavi is a freely available engine for running a Wiki site. Wiki sites are web communities which are based on the idea that every webpage is editable by users of the website. WikkiTikkiTavi is back-ended by a MySQL database and runs on...
phpBB does not adequately validate user input for language selection thereby allowing user to execute arbitrary php code
Overview phpBB is an open-source bulletin board program. A user input validation problem exists with regard to language settings. An intruder can execute arbitrary PHP code and gain a shell with the privileges of the web server on the system. Description Version 1.4.0 and earlier have a user input...