46 matches found
EUVD-2008-3748
Malware in sbrugna...
EUVD-2006-2395
Malware in sbrugna...
EUVD-2008-3750
Malware in sbrugna...
Turnkey Web Tools PHP Live Helper 1.8 Remote File Inclusion (CVE-2006-1477)
A file inclusion vulnerability has been reported in Turnkey Web Tools PHP Live Helper. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
PHP Live Helper 2.0 Chat.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17960/info PHP Live Helper is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrar...
PHP Live Helper <= 1.x (abs_path) Remote File Include Vulnerability
No description provided by source. --------------------------------------------------------------------------- PHP Live Helper =abspath Remote File Include Vulnerabilities --------------------------------------------------------------------------- Discovered By SnIpErSA Author : SnIpErSA Remote :...
PHP Live Helper <= 2.0 (abs_path) Remote File Inclusion Vulnerability
No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV43$2006 ------------------------------------------------------------------------------ ECHOADV43$2006 PHP Live Helper = 2.0 abspath Remote File Inclusion...
php live helper <= 2.0.1 - Multiple Vulnerabilities
No description provided by source. GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper = 2.0.1 Risk : Multiple Vulnerabilities Description: PHP Live Helper is an online support system written in php that allows...
PHPLiveHelper global.php abs_path Parameter PHP Code Execution - Ver2 (CVE-2006-4051)
A code execution vulnerability has been reported in Turnkey Web Tools PHP Live Helper. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Sql injection
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php...
Code injection
Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when registerglobals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file...
CVE-2008-3764
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php...
CVE-2008-3763
CVE-2008-3763 describes a variable overwrite vulnerability in libsecure.php of Turnkey PHP Live Helper 2.0.1 and earlier. When register_globals is enabled, remote attackers can overwrite arbitrary variables related to the db config file, potentially enabling code injection by overwriting the lang...
CVE-2008-3764
CVE-2008-3764 describes an eval injection in Turnkey PHP Live Helper (PHP Live Helper) 2.0.1 and earlier. The vulnerability resides in globalsoff.php and allows remote attackers to execute arbitrary PHP code via the test parameter (and likely other parameters) passed to chat.php. This is a remote...
CVE-2008-3763
Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when registerglobals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file...
CVE-2008-3762
CVE-2008-3762 is a SQL injection in Turnkey PHP Live Helper 2.0.1 and earlier. The vulnerability arises from lack of input sanitization in the get function (global.php), allowing remote attackers to execute arbitrary SQL via the dep parameter in onlinestatus_html.php. Connected sources confirm th...
CVE-2008-3762
SQL injection vulnerability in onlinestatushtml.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php...
PHP Live Helper <= 2.0.1 Multiple Remoet Vulnerabilities
No description provided by source. GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper = 2.0.1 Risk : Multiple Vulnerabilities Description: PHP Live Helper is an online support system written in php that allows...
PHP Live! Helper < 2.1.0 Multiple Vulnerabilities
Binary data 4627.prm...
phplivehelper-sqlexec.txt
GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper DBsite-queryfirst"SELECT FROM ". $this-dbprefix.$table." where ".$from."='$id'"; if isarray$result foreach $result as $key = $val $info$key = stripslashes$val;...