Coinbase: User provided values passed to PHP unset() function
In the Coinbase wpe commerce open source library, a researcher observed a call to the PHP unset() function that relied on user-controlled input. The reporter observed that this could allow a malicious user to destroy arbitrary variables in the environment where this library is deployed...
WoltLab Burning Board Lite wbb_userid Parameter PHP Unset SQL Injection
The remote version of Burning Board Lite fails to sanitize input to the 'wbb_userid' parameter before using it in a database query. Provided PHP's 'register_globals' setting is enabled and 'magic_quotes_gpc' setting is disabled, an unauthenticated attacker may be able to leverage this issue to uncove...
CVE-2006-5116
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL through dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array,...
CVE-2006-4466
Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability is due to a bug in t...