CVE-2006-0147

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including 1 Mantis, 2 PostNuke, 3 Moodle, 4 Cacti, 5 Xaraya, 6 PhpOpenChat, possibly 7 MAXdev MD-Pro, and 8 Simplog, allows remote attackers to execute arbitrary PHP...

CVE-2005-3405

ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the 1 asc or 2 desc parameters set, possibly due to an eval injection vulnerability...

Nuked-klaN 1.3 - Remote Information Disclosure

Nuked-klaN 1.3 - Remote Information Disclosure source: https://www.securityfocus.com/bid/6917/info A vulnerability has been discovered in Nuked-Klan which may be exploited to execute certain PHP functions on a target server. This issue occurs in the 'Team', 'News', and 'Lien' modules and is due t...

Nuked-klaN 1.3 - Remote Information Disclosure

source: https://www.securityfocus.com/bid/6917/info A vulnerability has been discovered in Nuked-Klan which may be exploited to execute certain PHP functions on a target server. This issue occurs in the 'Team', 'News', and 'Lien' modules and is due to insufficient sanitization of user-supplied UR...

PHP problem

This is not really an advisory, but a warning for sysadmins running webservers with PHP. I noticed that it was possible to rebuild the user database Unix even when safemode prevented from reading /etc/passwd and openbasedir prevented from accessing /etc. The implementation of getpwuid,nam functio...