406 matches found
ttCMS/ttForum multiple bugs
SQL injection via username in Profile.php. PHP injection in News.php, install.php...
[NGSEC-2003-5] YABB SE, remote command execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Next Generation Security Technologies http://www.ngsec.com Security Advisory Title: YABB SE, remote command execution. ID: NGSEC-2003-5 Application: YABB SE up to 1.5.1 Date: 04/22/2003 Status: Vendor contacted, new fixed version available. Platforms:...
GOnicus System Administrator php injection
I. BACKGROUND The GOnicus System Administrator is a PHP based administration tool for managing accounts/systems in LDAP databases. Project homepage : http://www.gonicus.de II. DESCRIPTION A remote attacker can inject into GOsa arbitrary PHP code that executes under the privileges of the underlyin...
MySimpleNews 1.0 - PHP Injection
MySimpleNews 1.0 - PHP Injection source: https://www.securityfocus.com/bid/5865/info MySimpleNews allows users to enter news articles through a web interface. It will allow PHP code to be injected into URI parameters of the 'users.php' script, which will be stored into a MySimpleNews file...
MySimpleNews 1.0 - PHP Injection
source: https://www.securityfocus.com/bid/5865/info MySimpleNews allows users to enter news articles through a web interface. It will allow PHP code to be injected into URI parameters of the 'users.php' script, which will be stored into a MySimpleNews file news.php3. The injected code may then be...
malicious PHP source injection in phpBB
JCC Security Advisory June 16, 2002 malicious PHP source injection in phpBB Description phpBB is one of popular PHP bulletin board systems. When allowurlfopen = On and registerglobals = On in php.ini, phpBB has vulnerability because install.php contains dangerous codes. So an attacker can include...