15 matches found
EUVD-2001-0471
Malware in sbrugna...
EUVD-2006-2159
Malware in sbrugna...
CVE-2021-38319
The More From Google WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /morefromgoogle.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2...
Design/Logic Flaw
Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the HordeFormTypeimage method onSubmit is called on uploads, it invokes the functions getImage and getUpload, which uses...
PhpcmsV9 arbitrary user password modification logic vulnerability-vulnerability warning-the black bar safety net
I actually sent the first vulnerability, see Tick: PhpcmsV9 SQL injection 2 0 1 3-year new year the first Mentioned pass code: parsestrsysauth$POST'data', 'DECODE', $this-applist$this-appid'authkey', $this-data; In phpssoserver/phpcms/modules/phpsso/classes/phpsso. class. php. I leave it up to yo...
Gentoo Security Advisory GLSA 200511-08 (PHP)
The remote host is missing updates announced in advisory GLSA 200511-08. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2007-1383
Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286...
CVE-2006-3584
Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables...
CVE-2006-3584
Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables...
Remote file inclusion
Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when registerglobals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remo...
CVE-2004-2352
The CVE-2004-2352 entry documents a Cross-site Scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0. Affected component: GBook for PHP-Nuke 1.0; vulnerability type: XSS via cookies stored in the $_COOKIE variable that are not cleansed by PHP-Nuke. Impact: remote attackers could inject arbitrar...
CVE-2004-2352
Cross-site scripting XSS vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via cookies that are stored in the $COOKIE PHP variable, which is not cleansed by PHP-Nuke...
RHEL 3 : squirrelmail (RHSA-2005:135)
An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw could allow potential insecur...
memberlist.php of vBulletin
vBulletin ALL versions Vendor status: notified 3/18/2; no response Within the first few lines of code in memberlist.php, the variable $letterbits is evaled. Because of the way PHP initializes variables, we can inject HTML, or JavaScript into the document. So by directing a user to, for example:...
CVE-2001-0475
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter...