2604 matches found
PT-2005-2851 · Flatnuke · Flatnuke
Name of the Vulnerable Software and Affected Versions: FlatNuke version 2.5.3 Description: A direct code injection issue allows remote attackers to execute arbitrary PHP code by placing the code into the referer header of an HTTP request. This causes the code to be injected into referer.php, whic...
Vortex Portal 2.0 - content.php?act Remote File Inclusion
Vortex Portal 2.0 - content.php?act Remote File Inclusion source: https://www.securityfocus.com/bid/12878/info Vortex Portal is reportedly affected by a remote PHP file include vulnerability. This issue is due to a failure in the application to properly sanitize user supplied input. It is...
CitrusDB 0.3.6 - Arbitrary Local PHP File Inclusion
CitrusDB 0.3.6 - Arbitrary Local PHP File Inclusion source: https://www.securityfocus.com/bid/12564/info CitrusDB is reportedly affected by a vulnerability that permits the inclusion of any local PHP file. This issue is due to the application failing to properly sanitize user-supplied input. This...
CitrusDB 0.3.6 - Arbitrary Local PHP File Inclusion
source: https://www.securityfocus.com/bid/12564/info CitrusDB is reportedly affected by a vulnerability that permits the inclusion of any local PHP file. This issue is due to the application failing to properly sanitize user-supplied input. This issue is reported to affect CitrusDB 0.3.6; earlier...
GLSA-200501-39 : SquirrelMail: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200501-39 SquirrelMail: Multiple vulnerabilities SquirrelMail fails to properly sanitize certain strings when decoding specially crafted strings, which can lead to PHP file inclusion and XSS. Insufficient checking of incoming URLs...
CVE-2004-1448
Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code...
SquirrelMail: Multiple vulnerabilities
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP and can optionally be installed with SQL support. Description SquirrelMail fails to properly sanitize certain strings when decoding specially-crafted strings, which can lead to PHP file inclusion and XSS...
CVE-2004-2255
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename...
CVE-2004-1448
Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code...
e107 include() Remote Exploit
Exploit for unknown platform in category web applications ============================= e107 include Remote Exploit ============================= | | | | | | |/ \ \ /\ / / | | | | \ V V / || ||/ // Security Group. -= e107 remote sploit =- by sysbug Attack method: with this sploit u can send an...
CVE-2004-0613
osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory...
phpPOC.txt
PHP File Upload Vulnerability POC Title: Overwrite $FILE array in rfc1867 - Mime multipart/form-data File Upload Author: Stefano Di Paola Affected: Php "; if isuploadedfile$FILES'userfile''tmpname' && moveuploadedfile$FILES'userfile''tmpname', $uploadfile print "File is valid, and was successfull...
PHP rfc1867.c $_FILES Array Crafted MIME Header Arbitrary File Upload
The remote host is running a version of PHP that is older than 4.3.9 or 5.0.2. The remote version of this software is affected by an unspecified file upload vulnerability that could allow a local attacker to upload arbitrary files to the server. This flaw can only be exploited locally...
GLSA-200406-09 : Horde-Chora: Remote code execution
The remote host is affected by the vulnerability described in GLSA-200406-09 Horde-Chora: Remote code execution A vulnerability in the diff viewer of Chora allows an attacker to inject shellcode. An attacker can exploit PHP's file upload functionality to upload a malicious binary to a vulnerable...
Vulnerabilities in Merak Webmail Server.
CRIOLABS http://www.criolabs.net - Software: Merak Webmail Server - Type: Webmail - Company: Merak Mail Server, Inc. Software Software: Merak Webmail Server Version: 5.2.7 Plataforms: All Windows platforms Web: http://www.merakmailserver.com/ Vendor Description Merak's WebMail Server is used by...
Horde-Chora: Remote code execution
Background Chora is a PHP-based SVN/CVS repository viewer by the HORDE project. Description A vulnerability in the diff viewer of Chora allows an attacker to inject shellcode. An attacker can exploit PHP's file upload functionality to upload a malicious binary to a vulnerable server, chmod it as...
cPanel 5 9 - Local Privilege Escalation
cPanel 5 9 - Local Privilege Escalation source: https://www.securityfocus.com/bid/10407/info cPanel is reported prone to a privilege escalation vulnerability. It is reported that the options used by cPanel to compile Apache 1.3.29 and PHP using the modphpsuexec option are insecure. These settings...
Include vulnerability in GEMITEL v 3.50
GEMITEL V 3 build 50 :: include vulnerability URL : http://www.isesam.com/ FORUM : http://www.isesam.com/forums/gemitel/threadopen.shtml Vendor has been contacted. Description : --------------- Gemitel is a free software written in php that allows to manage micro payments like allopass,...
Les Commentaires (PHP) Include file
Informations : °°°°°°°°°°°°°° Website : http://www.phpscripts-fr.net Version : all Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° config/fonctions.lib.php dernierscommentaires.php admin.php ------------------------------------------------------------------ if !isset$rep $rep = './...
Gallery 1.3.x/1.4 - Remote Global Variable Injection
source: https://www.securityfocus.com/bid/9490/info It has been reported that Gallery is prone to a vulnerability that may allow a remote attacker to gain unauthorized access by overwriting various values for global variables. The issue occurs due to improper simulation of the behaviour of...