
7206 matches found

NVD
added 2009/10/28 10:30 a.m., 8 views

CVE-2009-3817

PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this...

7.5 CVSS, 7.2 AI score, 0.01196 EPSS
Exploits: 1, References: 3

Prion
added 2009/10/27 4:30 p.m., 15 views

Code injection

Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...

6.5 CVSS, 8 AI score, 0.00424 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2009/10/27 4:00 p.m., 14 views

CVE-2009-3814

Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...

7.5 AI score, 0.00424 EPSS
Exploits: 1, References: 1

Prion
added 2009/10/22 5:30 p.m., 14 views

Code injection

Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party...

7.5 CVSS, 7.7 AI score, 0.08382 EPSS
Exploits: 1, References: 6

CVE
added 2009/10/22 5:00 p.m., 46 views

CVE-2009-3760

CVE-2009-3760 affects the Citrix XenCenterWeb XenServer Resource Kit sample code: a vulnerability in config/writeconfig.php where the pool1 parameter enables static code injection into include/config.ini.php, allowing remote attackers to inject arbitrary PHP code. Root cause is improper handling ...

7.5 CVSS, 7.2 AI score, 0.08382 EPSS
Exploits: 1, References: 6, Affected Software: 1

ThreatPost
added 2009/10/21 8:18 p.m., 7 views

WordPress Zaps Security Bugs in 'Hardening Release'

The WordPress blog software has been upgraded to version 2.8.5 to backport a number of security hardening changes to make WordPress-powered blogs more secure. Here’s a glimpse of some of the security fixes being pushed out: A fix for the Trackback Denial-of-Service attack that is currently being...

1.9 AI score
Exploits: 0, References: 2

Packet Storm
added 2009/10/19 12:00 a.m., 58 views

Piwik Build 1357 2009-08-02 Remote File Upload

Piwik Build , fclose$jfh; ? IV. PROOF OF CONCEPT ./libs/open-flash-chart/php-ofc-library/ofcuploadimag...

Exploits: 0

Cvelist
added 2009/10/16 4:00 p.m., 17 views

CVE-2009-3705

PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter...

7.5 AI score, 0.02908 EPSS
Exploits: 1, References: 3

Prion
added 2009/10/11 10:30 p.m., 13 views

Remote file inclusion

PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: this is only a vulnerability when the administrator does not follow...

6.8 CVSS, 8 AI score, 0.02016 EPSS
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2009/09/30 3:30 p.m., 16 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Loggix Project 9.4.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathToIndex parameter to (1) Calendar.php, (2) Comment.php, (3) Rss.php and (4) Trackback.php in lib/Loggix/Module/; and (5)...

7.5 CVSS, 8.2 AI score, 0.01464 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2009/09/28 12:00 a.m., 22 views

DSA-1897-1 horde3 - arbitrary code execution

Bulletin has no description...

10 CVSS, 5.9 AI score, 0.01854 EPSS
Exploits: 0

NVD
added 2009/09/23 12:08 p.m., 11 views

CVE-2009-3324

PHP remote file inclusion vulnerability in include/prodler.class.php in ProdLer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sPath parameter...

7.5 CVSS, 7.6 AI score, 0.0059 EPSS
Exploits: 0, References: 1

Prion
added 2009/09/23 12:08 p.m., 10 views

Remote file inclusion

PHP remote file inclusion vulnerability in include/prodler.class.php in ProdLer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sPath parameter...

7.5 CVSS, 8.1 AI score, 0.0059 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2009/09/23 10:00 a.m., 11 views

CVE-2009-3306

PHP remote file inclusion vulnerability in include/header.php in ClearSite 4.50 allows remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter...

7.3 AI score, 0.00521 EPSS
Exploits: 0, References: 4

NVD
added 2009/09/17 10:30 a.m., 21 views

CVE-2009-3236

The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with...

4.3 CVSS, 7.1 AI score, 0.00838 EPSS
Exploits: 0, References: 11

Prion
added 2009/09/17 10:30 a.m., 24 views

Design/Logic Flaw

The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with...

4.3 CVSS, 7.4 AI score, 0.00838 EPSS
Exploits: 0, References: 11, Affected Software: 2

Cvelist
added 2009/09/17 10:00 a.m., 22 views

CVE-2009-3236

The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with...

6.9 AI score, 0.00838 EPSS
Exploits: 0, References: 11

NVD
added 2009/09/16 7:30 p.m., 9 views

CVE-2009-3220

PHP remote file inclusion vulnerability in cp_html2txt.php in All In One Control Panel (AIOCP) 1.4.001 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...

7.5 CVSS, 7.4 AI score, 0.02234 EPSS
Exploits: 1, References: 2

securityvulns
added 2009/09/14 12:00 a.m., 31 views

Siemens Gigaset SE361 Wlan - Remote Reboot

Attacking port 1723flood, it restarts the device almost instantly, here's the code in PHP. It takes a few bytes for the AP to automatically restart ?php $apaddr = "192.168.2.1"; $apport="1723"; $con = fsockopen$apaddr, $apport, $errno, $errstr; if !$con echo "$errstr $errnobr /n"; else $trash =...

3.2 AI score
Exploits: 0

NVD
added 2009/09/11 8:30 p.m., 10 views

CVE-2009-3174

PHP remote file inclusion vulnerability in fonctions_racine.php in OBOphiX 2.7.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin_lib parameter...

7.5 CVSS, 7.6 AI score, 0.01627 EPSS
Exploits: 0, References: 1