EUVD-2002-0284

Malware in sbrugna...

printf(1) via PHP magic_quotes Utility Command Encoder

This encoder uses the printf1 utility to avoid restricted characters. Some shell variable substitution may also be used if needed symbols are blacklisted. Some characters are intentionally left unescaped since it is assumed that PHP with magicquotesgpc enabled will escape them during request...

AjaxPortal LoginADP函数SQL注入漏洞

BUGTRAQ ID: 18897 AjaxPortal是基于Sajax技术的建站解决方案。 AjaxPortal的的LoginADP函数实现上存在SQL注入漏洞，远程攻击者可能利用此漏洞在服务器上执行任意代码。 仅在禁用了PHP魔术引号的情况下才能利用这个漏洞。 MyioSoft AjaxPortal 3.0 MyioSoft -------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://myiosoft.com/...

[UNIX] vBulletin init.php SQL Injection (specialtemplates)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

CVE-2002-0287

pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default...