1132 matches found
PhotoPost PHP < 5.0.1 Multiple Remote Vulnerabilities
According to its banner, the version of PhotoPost PHP installed on the remote host has several vulnerabilities: - An Access Validation Vulnerability. The 'adm-photo.php' script fails to verify authentication credentials, which allows an attacker to change the properties of thumbnails of uploaded...
PHP, ASP, CGI web applications security vulnerabilities
PHP inclusions, SQL injections, directory traversals, crossite scripting, etc...
CVE-2005-0567
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the 1 theme parameter to phpmyadmin.css.php or 2 cfgServerextension parameter to databaseinterface.lib.php to reference a URL on a remote web server that contai...
PHP, ASP, CGI web applications security vulnerabilities
PHP inclusions, SQL injections, directory traversals, crossite scripting, etc...
[SA14321] Ulog-php SQL Injection Vulnerabilities
TITLE: Ulog-php SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA14321 VERIFY ADVISORY: http://secunia.com/advisories/14321/ CRITICAL: Less critical IMPACT: Manipulation of data WHERE: From local network SOFTWARE: Ulog-php 0.x http://secunia.com/product/4684/ DESCRIPTION: Some vulnerabilities...
DCP-Portal Multiple Scripts SQL Injection
The remote host is running DCP-Portal, a content management system powered by PHP. The version of DCP-Portal installed on the remote host fails to sanitize user-supplied input to many of its parameters before using it, either in database queries or dynamic web page generation. An attacker may be...
CVE-2005-0380
Multiple PHP remote file inclusion vulnerabilities in 1 printcategory.php, 2 login.php, 3 setup.php, 4 askpassword.php, or 5 error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that...
CVE-2004-1421
Multiple PHP remote file inclusion vulnerabilities 1 stepone.php, 2 steponetables.php, 3 steptwotables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the serverinc parameter to reference a URL on a remote web server that contains the cod...
Debian DSA-669-1 : php3 - several vulnerabilities
Two vulnerabilities have been discovered in php4 which also apply to the version of php3 in the stable Debian distribution. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2004-0594 The memorylimit functionality allows remote attackers to execute arbitra...
squirrelmail -- XSS and remote code injection vulnerabilities
A SquirrelMail Security Advisory reports: SquirrelMail 1.4.4 has been released to resolve a number of security issues disclosed below. It is strongly recommended that all running SquirrelMail prior to 1.4.4 upgrade to the latest release. Remote File Inclusion Manoel Zaninetti reported an issue in...
CVE-2004-1018
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via 1 a negative offset value to the shmopwrite function, 2 an "integer overflow/underflow" in the pack function, or 3 an "integer...
CVE-2004-1019
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow"...
CVE-2004-1018
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via 1 a negative offset value to the shmopwrite function, 2 an "integer overflow/underflow" in the pack function, or 3 an "integer...
CGI/PHP/ASP bugs
No description provided...
sugarCRM.txt
---------------------------------------------------------------------------- Cross Site Scripting Vulnerabilities and Possible Code Execution in SugarCRM ---------------------------------------------------------------------------- Author: Jose Antonio Coret Joxean Koret Date: 2004 Location: Basqu...
PhpIncludeWorm.txt
!/usr/bin/perl use LWP::Simple; use IO::Socket::INET; while1 $numr = int rand9999; $caxe = "."; $caxe1 = "."; $caxe .= rand9999; $caxe1 .= rand9999; $arq = "."; $arq = int rand9999; opensites,"$arq"; print sites ""; closesites; $procura = 'inurl:.php?=' . $numr; for$n=0;$nnewPeerAddr =...
CVE-2004-1423
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office VLO and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpcrootpath parameter to 1 includes/calendar.ph...
CVE-2004-1421
Multiple PHP remote file inclusion vulnerabilities 1 stepone.php, 2 steponetables.php, 3 steptwotables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the serverinc parameter to reference a URL on a remote web server that contains the cod...
Multiple PHP bugs
Integer overflow leading to memory content leak, safe mode protection bypass, openlog buffer overflow, etc...
PHP: Multiple vulnerabilities
Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the modphp module or the CGI version of PHP, or can run stand-alone in a CLI. Description Stefan Esser and Marcus Boerger reported several different issues in...