Unix Manual PHP-Script does not adequately validate user input thereby allowing arbitrary command execution
Overview: User Manual does not adequately validate user input, allowing attackers to execute arbitrary commands on the server. Description: Unix Manual, also known as manual.php, is a PHP script used to look up and display man pages on the web. User Manual does not adequately filter user input before...
Achievo 0.7/0.8/0.9 - Remote File Inclusion / Command Execution
source: https://www.securityfocus.com/bid/5552/info Achievo includes a PHP script which is used to generate JavaScript (class.atkdateattribute.js.php). This script employs a number of PHP include_once statements to call code contained in function libraries and grab configuration information. Attacke...
Achievo 0.7/0.8/0.9 - Remote File Inclusion / Command Execution
source: https://www.securityfocus.com/bid/5552/info Achievo includes a PHP script which is used to generate JavaScript (class.atkdateattribute.js.php). This script employs a number of PHP include_once statements to call code contained in...
Bharat Mediratta Gallery 1.x - Remote File Inclusion
source: https://www.securityfocus.com/bid/5375/info Gallery is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Gallery. An attacker may exploit this by supplying a path to a fi...
CVE-2001-1237
Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable...
CVE-2001-1235
pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable...
CVE-2001-1299
Affected software: Zorbat Zorbstats PHP script prior to 0.9. The issue is remote file inclusion via an HTTP request that sets the includedir variable, enabling attackers to include arbitrary files from remote sites. Root cause appears to be insufficient validation of includedir. Impact per source...
CVE-2001-1299
Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...
CVE-2001-1237
CVE-2001-1237 affects Phormation PHP script versions 0.9.1 and earlier. The issue is a remote file inclusion flaw: an HTTP request that modifies the phormationdir variable can cause the application to include files from remote Web sites, enabling remote attackers to execute arbitrary code. This y...
CVE-2001-1297
CVE-2001-1297 describes a PHP remote file inclusion in the ActionPoll PHP script before 1.1.2. An attacker can supply a URL in the includedir parameter to execute arbitrary PHP code on the server. The documents provide the vulnerability details and affected version, but do not include remediation...
PHP-Address 0.2 e - Remote File Inclusion
source: https://www.securityfocus.com/bid/5039/info PHP-Address is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-suppli...
osCommerce 2.1 - Remote File Inclusion
source: https://www.securityfocus.com/bid/5037/info osCommerce is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-supplied P...
osCommerce 2.1 - Remote File Inclusion
source: https://www.securityfocus.com/bid/5037/info osCommerce is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the...
B2 0.6 - 'b2edit.showposts.php?b2inc' Remote File Inclusion
source: https://www.securityfocus.com/bid/4673/info B2 is a news/weblog tool written in PHP. B2 allows webmasters to quickly post news on the front page, and let viewers interact with each other. It is available primarily for Unix and Linux. A variable that is referenced in the PHP scripts does no...
b2 php remote command execution
Site: www.cafelog.com Vulnerable: b2 0.6pre2 and earlier. B2 is a PHP script which allows webmasters to quickly post news on the front page and let viewers interact with each other. A bug exists in the scripts which allows an attacker to remotely execute commands. Exploit: Taken from...
CVE-2001-1298
Webodex PHP script 1.0 and earlier is vulnerable to an insecure remote file inclusion via an HTTP request that sets the includedir variable. This allows remote attackers to include arbitrary files from remote web sites. The description specifies the affected product and the vulnerable parameter, ...
CVE-2001-1298
Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable...
ADManager 1.1 - Content Manipulation
source: https://www.securityfocus.com/bid/4615/info Admanager is banner advertisement management software. It is written in PHP and will run on most Unix and Linux variants, in addition to Microsoft Windows operating systems. Access to the 'add.php3' script does not require authentication. It is...
xNewsletter 1.0 - Form Field Input Validation
source: https://www.securityfocus.com/bid/4516/info xNewsletter is a script that allows web users to subscribe to a newsletter. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems...
move_uploaded_file breaks safe_mode restrictions in PHP
Hey, it's possible to circumvent (probably spelled wrong) PHP safe_mode restrictions by using move_uploaded_file. You take this nasty script and you have domain whatever.com and your directory path is /domains/whatever.com/ <? $file = $HTTP_POST_FILES['file']['name']; $type = $HTTP_POST_FILES['file']['type']; $size ...