48 matches found
CVE-2008-3922
CVE-2008-3922 affects AWStats Totals (awstatstotals.php) versions 1.0–1.14. The vulnerability stems from unsanitized sort parameter usage in multisort(), enabling remote code execution by crafting PHP sequences to create an anonymous PHP function. Public references and tooling include Exploit-DB ...
CVE-2008-3555
Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base WSNKB 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via ...
Directory traversal
Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base WSNKB 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via ...
Directory traversal
Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP...
CVE-2008-3415
CVE-2008-3415 affects CMScout 2.05 (and related listings reference CMScout 2.06). The vulnerability is a directory traversal in common.php when .htaccess is not supported, allowing remote attackers to include and execute arbitrary local files through crafted directory traversal sequences in the b...
CVE-2008-3415
Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP...
Directory traversal
Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENTIP HTTP header in an enter action to index.php, and injecting PHP sequences into...
CVE-2008-0478
Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENTIP HTTP header in an enter action to index.php, and injecting PHP sequences into...
CVE-2008-0478
CVE-2008-0478 affects SetCMS 3.6.5 with a directory traversal flaw in index.php. The vulnerability arises from including locally stored files via a crafted set parameter, enabling arbitrary code execution when a PHP sequence is injected into files/enter.set and then included by index.php. The att...
CVE-2007-5453
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and...
Design/Logic Flaw
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function...
CVE-2007-5423
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function...
Design/Logic Flaw
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the lastmodule parameter...
CVE-2007-5056
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the lastmodule parameter...
CVE-2007-4187
Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2)...
Directory traversal
Directory traversal vulnerability in bbcoderef.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log...
Directory traversal
Directory traversal vulnerability in zdnumer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included ...
Directory traversal
Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log fil...