7204 matches found

NVD
added 2009/04/03 6:30 p.m., 11 views

CVE-2008-6593

SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php...

7.5 CVSS, 7.5 AI score, 0.00829 EPSS
Exploits: 1, References: 6

Prion
added 2009/04/03 6:30 p.m., 14 views

Sql injection

SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php...

7.5 CVSS, 8.1 AI score, 0.00829 EPSS
Exploits: 1, References: 6, Affected Software: 2

CVE
added 2009/04/03 6:00 p.m., 44 views

CVE-2008-6593

CVE-2008-6593 describes an SQL injection in LightNEasy SQLite 1.2.2 and earlier affecting lightneasy.php. The vulnerability allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php, due to insufficient input validation in the affected component. T...

7.5 CVSS, 7.7 AI score, 0.00829 EPSS
Exploits: 1, References: 6, Affected Software: 2

Tenable Nessus
added 2009/03/30 12:00 a.m., 11 views

FreeBSD : pivot-weblog -- file deletion vulnerability (0fe73a4a-1b18-11de-8226-0030843d3802)

Secunia reports : A vulnerability has been discovered in Pivot, which can be exploited by malicious people to delete certain files. Input passed to the 'refkey' parameter in extensions/bbclonetools/count.php is not properly sanitised before being used to delete files. This can be exploited to...

5.6 AI score
Exploits: 0, References: 1

seebug.org
added 2009/03/28 12:00 a.m., 24 views

My Simple Forum 7.1 (LFI) Remote Command Execution Exploit

No description provided by source. #!/usr/bin/perl My Simple Forum v7.1 Remote Command Execution Exploit Apache Log Poisoning/Injection Local File Inclusion at /theme/default/index.template.php?action=lf%00 XSS at /theme/default/index.template.php?Name=XSS - This needs Register Globals ON Credits ...

7.1 AI score
Exploits: 0

0day.today
added 2009/03/27 12:00 a.m., 28 views

My Simple Forum 7.1 (LFI) Remote Command Execution Exploit

Exploit for unknown platform in category web applications. My Simple Forum 7.1 LFI Remote Command Execution Exploit. #!/usr/bin/perl My Simple Forum v7.1 Remote Command Execution...

7.1 AI score
Exploits: 0

NVD
added 2009/03/26 9:00 p.m., 9 views

CVE-2008-6530

Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file...

6.5 CVSS, 7.2 AI score, 0.04478 EPSS
Exploits: 1, References: 3

CVE
added 2009/03/26 8:28 p.m., 39 views

CVE-2008-6530

The CVE-2008-6530 entry describes an unrestricted file upload in editimage.php of eZoneScripts Living Local 1.1. The vulnerability permits remote authenticated administrators to upload a file with an executable extension and then access it directly to execute arbitrary PHP code. This can comprom...

6.5 CVSS, 7.4 AI score, 0.04478 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2009/03/26 8:28 p.m., 16 views

CVE-2008-6530

Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file...

7.2 AI score, 0.04478 EPSS
Exploits: 1, References: 3

CVE
added 2009/03/26 2:00 p.m., 1069 views

CVE-2009-1151

CVE-2009-1151 affects phpMyAdmin 2.11.x (before 2.11.9.5) and 3.x (before 3.1.3.1). The flaw is a static code injection in setup.php that lets a remote attacker inject arbitrary PHP code into the generated configuration file via the save action. The issue arises from insufficient validation/misco...

9.8 CVSS, 7.5 AI score, 0.93271 EPSS
In wild, Exploits: 16, References: 16, Affected Software: 1

Symantec
added 2009/03/25 12:00 a.m., 528 views

phpMyAdmin 'setup.php' PHP Code Injection Vulnerability

Description phpMyAdmin is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks...

7.5 CVSS, 0.4 AI score, 0.93271 EPSS
Exploits: 16, References: 2, Affected Software: 5

phpMyAdmin
added 2009/03/24 12:00 a.m., 39 views

Insufficient output sanitizing when generating configuration file.

PMASA-2009-3 Announcement-ID: PMASA-2009-3 Date: 2009-03-24 Summary Insufficient output sanitizing when generating configuration file. Description Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

9.8 CVSS, 7.7 AI score, 0.93271 EPSS
Exploits: 16, Affected Software: 1

securityvulns
added 2009/03/24 12:00 a.m., 39 views

[SA34410] PHP Classifieds Cross-Site Scripting and File Upload Vulnerabilities

Secunia is pleased to announce the release of the annual Secunia report for 2008. Highlights from the 2008 report: Vulnerability Research Software Inspection Results Secunia Research Highlights Secunia Advisory Statistics...

0.5 AI score
Exploits: 0

Prion
added 2009/03/18 3:30 p.m., 12 views

Remote file inclusion

PHP remote file inclusion vulnerability in slideshowuploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSrootdir parameter...

6.8 CVSS, 8.1 AI score, 0.00579 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2009/03/17 12:00 a.m., 25 views

FreeBSD : roundcube -- webmail script insertion and php code injection (35c0b572-125a-11de-a964-0030843d3802)

Secunia reports : Some vulnerabilities have been reported in RoundCube Webmail, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct script insertion attacks and compromise a vulnerable system. The HTML 'background' attribute within e.g...

4.3 CVSS, 5.8 AI score, 0.00407 EPSS
Exploits: 1, References: 5

OpenVAS
added 2009/03/16 12:00 a.m., 34 views

Dagger RFI Vulnerability (Mar 2009) - Active Check

Dagger is prone to a remote file include (RFI) vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

6.8 CVSS, 5.8 AI score, 0.04601 EPSS
Exploits: 1, References: 1

OpenVAS
added 2009/03/10 12:00 a.m., 12 views

GhostScripter Amazon Shop Multiple Vulnerabilities (Mar 2009) - Active Check

Amazon Shop is prone to multiple vulnerabilities, including a cross-site scripting issue, a directory-traversal issue, and multiple remote file-include issues, because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be...

6.7 AI score
Exploits: 0, References: 1

Prion
added 2009/03/09 2:30 p.m., 8 views

Authentication flaw

Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information...

7.5 CVSS, 7.6 AI score, 0.00356 EPSS
Exploits: 0, References: 5, Affected Software: 1

Prion
added 2009/03/09 2:30 p.m., 15 views

Code injection

Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter...

7.5 CVSS, 7.8 AI score, 0.0407 EPSS
Exploits: 1, References: 3

NVD
added 2009/03/09 2:30 p.m., 9 views

CVE-2008-6446

Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter...

7.5 CVSS, 7.2 AI score, 0.0407 EPSS
Exploits: 1, References: 3