CVE-2006-4635

Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in WebExtensions - Notitia I/II. NOTE: due to lack of details, it is not...

CVE-2006-4635

Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in WebExtensions - Notitia I/II. NOTE: due to lack of details, it is not...

CVE-2006-4635

The CVE-2006-4635 entry affects MySource Classic 2.14.6 (and possibly earlier). It describes remote authenticated users with superuser privileges who can inject arbitrary PHP code via the Equation attribute in Web_Extensions - Notitia (I/II). The exact vulnerability type (file inclusion, static c...

[SA21757] MySource Classic Equation Attribute PHP Code Injection

TITLE: MySource Classic Equation Attribute PHP Code Injection SECUNIA ADVISORY ID: SA21757 VERIFY ADVISORY: http://secunia.com/advisories/21757/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote SOFTWARE: MySource Classic 2.x http://secunia.com/product/5773/ DESCRIPTION: A...

SoftBB 0.1 - cmd Remote Command Execution

SoftBB 0.1 - cmd Remote Command Execution !/usr/bin/perl Affected.scr..: SoftBB 0.1 Poc.ID........: 11060904 Type..........: PHP code execution, SQL Injection, Full Path Disclosure Risk.level....: High Vendor.Status.: Unpatched Src.download..: softbb.be Poc.link......:...

EUVD-2006-4406

Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file...

Wikepage Opus 10 <= 2006.2a (lng) Remote Command Execution Exploit

Exploit for unknown platform in category web applications ================================================================== Wikepage Opus 10 "; $socket = IO::Socket::INET-newProto="tcp", PeerAddr="$server", PeerPort="http80" || die "- Cannot not connect to host !\n"; print $socket "GET...

CVE-2006-3387

CVE-2006-3387 describes a directory traversal vulnerability in Fusion News 1.0. When register_globals is enabled, an attacker can manipulate the fil_config parameter in sources/post.php using a .. sequence to include arbitrary files. This can allow an attacker to execute PHP code that has been in...

GLSA-200606-16 : DokuWiki: PHP code injection

The remote host is affected by the vulnerability described in GLSA-200606-16 DokuWiki: PHP code injection Stefan Esser discovered that the DokuWiki spell checker fails to properly sanitize PHP's 'complex curly syntax'. Impact : A unauthenticated remote attacker may execute arbitrary PHP commands ...

DokuWiki: PHP code injection

Background DokuWiki is a simple to use wiki targeted at developer teams, workgroups and small companies. Description Stefan Esser discovered that the DokuWiki spell checker fails to properly sanitize PHP's "complex curly syntax". Impact A unauthenticated remote attacker may execute arbitrary PHP...

RCblog 1.03 - &#039;POST&#039; Remote Command Execution

!/usr/bin/perl $App : RCblog "; $socket = IO::Socket::INET-newProto="tcp", PeerAddr="$server", PeerPort="http80" || die "- Cannot not connect to host !\n"; print $socket "GET ".$path.$pcode." HTTP/1.1\r\n"; print $socket "User-Agent: ".$pcode."\r\n"; print $socket "Host: ".$server."\r\n"; print...

RCblog 1.03 - POST Remote Command Execution

RCblog 1.03 - POST Remote Command Execution !/usr/bin/perl $App : RCblog "; $socket = IO::Socket::INET-newProto="tcp", PeerAddr="$server", PeerPort="http80" || die "- Cannot not connect to host !\n"; print $socket "GET ".$path.$pcode." HTTP/1.1\r\n"; print $socket "User-Agent: ".$pcode."\r\n";...

RCblog &lt;= 1.03 (post) Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl $App : RCblog = 1.03 Remote Command Execution Exploit $Bug : http://tinyphp/index.php?post=../afile%00 $IHST: h4ckerz.com / hackerz.ir / coded & discovered By Hessam-x Hessamx -at- Hessamx.net use IO::Socket; use LWP::Simple; print...

PHPBB 2.0.20 persistent issues with avatars

PHPBB 2.0.20 multiple issues with avatars some problems persistently lie in the way it handles remote and uploaded avatars: a remote user can: 1 saturate the server with unuseful files, 'cause phpbb do not delete the previous one when you upload a new avatar 2 use PhpBB installations to launch...

FreeBSD : mysql50-server -- COM_TABLE_DUMP arbitrary code execution (a8d8713e-dc83-11da-a22b-000c6ec775d9)

Stefano Di Paola reports : An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. To take advantage of these flaws an attacker should have direct access to MySQL server communication layer port 3306 or unix socket. But if used in conjuction with...

GLSA-200605-13 : MySQL: Information leakage

The remote host is affected by the vulnerability described in GLSA-200605-13 MySQL: Information leakage The processing of the COMTABLEDUMP command by a MySQL server fails to properly validate packets that arrive from the client via a network socket. Impact : By crafting specific malicious packets...

Information disclosure

config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

EV0084.txt

New eVuln Advisory: Skate Board Multimple Vulnerabilities http://evuln.com/vulns/84/summary.html --------------------Summary---------------- eVuln ID: EV0084 CVE: CVE-2006-0809 CVE-2006-0810 CVE-2006-0811 Software: Skate Board Sowtware's Web Site: http://bb.jiraiya.se/main.php?content=start...

PHP-Stats &lt;= 0.1.9.1 remote commands execution

------------- PHP-Stats = 0.1.9.1 remote commands execution ------------------- software: site: http://www.phpstats.net/ description: Open source statistical package for PHP enabled web sites -------------------------------------------------------------------------------- i vulnerable code in...

[eVuln] Skate Board Multimple Vulnerabilities

New eVuln Advisory: Skate Board Multimple Vulnerabilities http://evuln.com/vulns/84/summary.html --------------------Summary---------------- eVuln ID: EV0084 CVE: CVE-2006-0809 CVE-2006-0810 CVE-2006-0811 Software: Skate Board Sowtware's Web Site: http://bb.jiraiya.se/main.php?content=start...