950 matches found
PEHEPE Membership Management System 3.0 - Remote PHP Script Code Injection
PEHEPE Membership Management System 3.0 - Remote PHP Script Code Injection source: https://www.securityfocus.com/bid/16887/info PEHEPE Membership Management System is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to facilitate a compromise of the applicati...
CVE-2006-0891
CVE-2006-0891 affects NOCC Webmail 1.0. The vulnerability arises from multiple directory traversal flaws that allow remote attackers to include arbitrary files by manipulating dot-dot sequences and a trailing NULL byte in (1) html/footer.php via _SESSION['nocc_theme'], and (2) lang and (3) theme ...
NOCC 1.0 - 'filter_prefs.php?html_filter_select' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject arbitrary PHP code and execute it ...
NOCC 1.0 - 'html_bottom_table.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject arbitrary PHP code and execute it ...
LinPHA 0.9.x1.0 - forth_stage_install.php Local File Inclusion
LinPHA 0.9.x1.0 - forthstageinstall.php Local File Inclusion source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'includeonce' PHP function in...
LinPHA 0.9.x1.0 - install.php Local File Inclusion
LinPHA 0.9.x1.0 - install.php Local File Inclusion source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'includeonce' PHP function in multiple...
LinPHA 0.9.x1.0 - sec_stage_install.php Local File Inclusion
LinPHA 0.9.x1.0 - secstageinstall.php Local File Inclusion source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'includeonce' PHP function in...
LinPHA 0.9.x/1.0 - 'forth_stage_install.php' Local File Inclusion
source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'includeonce' PHP function in multiple scripts. The PHP code-injection vulnerabilities are d...
LinPHA 0.9.x/1.0 - 'lang' Local File Inclusion
source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'includeonce' PHP function in multiple scripts. The PHP code-injection vulnerabilities are d...
LinPHA 0.9.x/1.0 - 'sec_stage_install.php' Local File Inclusion
source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'includeonce' PHP function in multiple scripts. The PHP code-injection vulnerabilities are d...
LinPHA 0.9.x/1.0 - 'install.php' Local File Inclusion
source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'includeonce' PHP function in multiple scripts. The PHP code-injection vulnerabilities are d...
[SA18268] phpBook "email" PHP Code Injection Vulnerability
TITLE: phpBook "email" PHP Code Injection Vulnerability SECUNIA ADVISORY ID: SA18268 VERIFY ADVISORY: http://secunia.com/advisories/18268/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: phpBook 1.x http://secunia.com/product/6719/ DESCRIPTION: Aliaksandr Hartsuyeu ha...
PHPBook 1.x - Mail Field PHP Code Injection
PHPBook 1.x - Mail Field PHP Code Injection source: https://www.securityfocus.com/bid/16106/info phpBook is prone to a vulnerability that may let remote attackers inject arbitrary PHP code into the application. This code may then be executed by visiting pages that include the injected code. E-mai...
CuteNews flood.db.php HTTP Header PHP Code Injection
Binary data 3230.prm...
Debian DSA-789-1 : php4 - several vulnerabilities
Several security related problems have been found in PHP4, the server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1751 Eric Romang discovered insecure temporary files in the shtool utility shipped with PHP...
phpkit161.txt
SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1 Version: PHPKit 1.6.1 Risk: High if magicquotesgpc = Off URL: http://www.phpkit.com SQL Injection in include.php?path=login/member.php The parameters usernick and letters are vulnerable to SQL Injections. POC:...
SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1
SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1 Version: PHPKit 1.6.1 Risk: High if magicquotesgpc = Off URL: http://www.phpkit.com SQL Injection in include.php?path=login/member.php The parameters usernick and letters are vulnerable to SQL Injections. POC:...
CVE-2005-2571
FunkBoard 0.66CF (and possibly earlier) has an access-control flaw: the admin/mysql_install.php and admin/pg_install.php scripts are not properly restricted, allowing an attacker to obtain the database username and password or inject arbitrary PHP code into info.php. The issue is described as a l...
CVE-2005-2571
FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the 1 admin/mysqlinstall.php and 2 admin/pginstall.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php...
Drupal Public Comment PHP Code Injection
Binary data 3053.prm...