7204 matches found

NVD
added 2009/04/24 2:30 p.m. | 8 views

CVE-2008-6748

Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI...

9.3 CVSS | 7.7 AI score | 0.15306 EPSS
Exploits: 1 | References: 7

Prion
added 2009/04/24 2:30 p.m. | 12 views

Sql injection

Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI...

9.3 CVSS | 8.2 AI score | 0.15306 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

Tenable Nessus
added 2009/04/23 12:0 a.m. | 12 views

FreeBSD : php -- php_variables memory disclosure (ad74a1bd-16d2-11d9-bc4a-000c41e2cdad)

Stefano Di Paola reports: Bad array parsing in php_variables.c could lead to show arbitrary memory content such as pieces of php code and other data. This affects all GET, POST or COOKIES variables...

5.5 AI score
Exploits: 0 | References: 2

Exploit DB
added 2009/04/21 12:0 a.m. | 28 views

Dokeos Lms 1.8.5 - 'whoisonline.php' PHP Code Injection

striptags$el2'; 108. break; 109. case SORTSTRING : 1...

7.4 AI score
Exploits: 0

CVE
added 2009/04/20 2:6 p.m. | 42 views

CVE-2008-6731

CVE-2008-6731 describes an unrestricted file upload vulnerability in submitlink.php of FlexPHPLink Pro 0.0.7. An attacker can upload a file with an executable extension and then access the renamed file under the linkphoto/ path to execute arbitrary PHP code remotely. The vulnerability stems from...

9.3 CVSS | 7.9 AI score | 0.06095 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2009/04/16 3:12 p.m. | 4 views

CVE-2009-1285

Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...

7 AI score
Exploits: 0 | References: 9

Prion
added 2009/04/16 3:12 p.m. | 21 views

Code injection

Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...

7.5 CVSS | 7.6 AI score | 0.36057 EPSS
Exploits: 3 | References: 8 | Affected Software: 1

seebug.org
added 2009/04/16 12:0 a.m. | 50 views

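phpMyAdmin configuration file PHP code injection vulnerability

BUGTRAQ ID: 34526 CVE(CAN) ID: CVE-2009-1285 phpMyAdmin is a tool written in PHP for administering MySQL over the web. The setup script used by phpMyAdmin does not properly filter configuration parameters; if a remote attacker submits a malicious POST request to the server, arbitrary PHP code can be injected into the generated configuration file. phpMyAdmin phpMyAdmin 3.x phpMyAdmin phpMyAdmin 2.11.x phpMyAdmin ---------- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...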

7.5 CVSS | 6.4 AI score | 0.36057 EPSS
Exploits: 3

Tenable Nessus
added 2009/04/16 12:0 a.m. | 81 views

phpMyAdmin Setup Script Configuration Parameters Arbitrary PHP Code Injection (PMASA-2009-4)

The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input before using it to generate a config file for the application. This version is affected by the following vulnerabilities: - The setup script inserts the unsanitize...

7.5 CVSS | 5.9 AI score | 0.36057 EPSS
Exploits: 3 | References: 3

phpMyAdmin
added 2009/04/14 12:0 a.m. | 29 views

Insufficient output sanitizing when generating configuration file.

PMASA-2009-4. Announcement-ID: PMASA-2009-4. Date: 2009-04-14. Summary: Insufficient output sanitizing when generating configuration file. Description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

7.5 CVSS | 6.2 AI score | 0.36057 EPSS
Exploits: 3 | Affected Software: 1

FreeBSD
added 2009/04/14 12:0 a.m. | 25 views

phpmyadmin -- insufficient output sanitizing when generating configuration file

phpMyAdmin Team reports: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. This...

7.5 CVSS | 7.2 AI score | 0.36057 EPSS
Exploits: 3 | References: 1

NVD
added 2009/04/09 4:27 p.m. | 10 views

CVE-2009-1278

Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X GBX 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php...

7.5 CVSS | 7.2 AI score | 0.0407 EPSS
Exploits: 1 | References: 3

Prion
added 2009/04/09 4:27 p.m. | 10 views

Code injection

Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X GBX 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php...

7.5 CVSS | 7.8 AI score | 0.0407 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2009/04/09 4:0 p.m. | 41 views

CVE-2009-1278

Gravity Board X (GBX) 2.0 BETA has a static code injection in forms/ajax/configure.php that allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php. Affected: GBX 2.0 BETA; vulnerable file: forms/ajax/configure.php. Root cause: configuration work...

7.5 CVSS | 7.5 AI score | 0.0407 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2009/04/07 2:17 p.m. | 10 views

CVE-2008-6651

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter...

10 CVSS | 7.2 AI score | 0.04734 EPSS
Exploits: 1 | References: 3

Prion
added 2009/04/07 2:17 p.m. | 12 views

Code injection

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter...

10 CVSS | 7.8 AI score | 0.04734 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2009/04/07 10:0 a.m. | 16 views

CVE-2008-6651

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter...

7.2 AI score | 0.04734 EPSS
Exploits: 1 | References: 3

CVE
added 2009/04/07 10:0 a.m. | 44 views

CVE-2008-6651

The CVE-2008-6651 entry covers a static code injection in OxYProject OxYBox 0.85, specifically in edithistory.php. The vulnerability arises because an attacker can inject arbitrary PHP code into oxyhistory.php through the oxymsg parameter, enabling remote code execution. The affected component is...

10 CVSS | 7.5 AI score | 0.04734 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Tenable Nessus
added 2009/04/07 12:0 a.m. | 41 views

Jinzora name Parameter Local File Inclusion

The remote host is running Jinzora, a web-based media streaming and management system written in PHP. The version of Jinzora installed on the remote host fails to filter user-supplied input to the 'name' variable in the 'index.php' script when 'op' is set before using it to include PHP code...

7.5 CVSS | 6.2 AI score | 0.01888 EPSS
Exploits: 0 | References: 1

Prion
added 2009/04/06 4:30 p.m. | 10 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the themedirectory parameter to (1) container.php and (2) header.php in themes/...

7.5 CVSS | 8.2 AI score | 0.03307 EPSS
Exploits: 0 | References: 4 | Affected Software: 1