CVE-2009-0643

Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of these details are obtained from third party...

Code injection

Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the 1 title or 2 date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is...

RavenNuke 2.3.0 Multiple Remote Vulnerabilities

No description provided by source. waraxe-2009-SA072 - Multiple Vulnerabilities in RavenNuke 2.3.0 =============================================================================== Author: Janek Vind "waraxe" Date: 16. February 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-72.htm...

RavenNuke 2.3.0 Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications =============================================== RavenNuke 2.3.0 Multiple Remote Vulnerabilities =============================================== waraxe-2009-SA072 - Multiple Vulnerabilities in RavenNuke 2.3.0...

CVE-2008-6138

PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter...

CVE-2008-6132

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via the startdate parameter...

Sql injection

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via the startdate parameter...

CVE-2008-6132

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via the startdate parameter...

FreeBSD : codeigniter -- arbitrary script execution in the new Form Validation class (83574d5a-f828-11dd-9fdf-0050568452ac)

znirkel reports : The eval function in resetpostarray crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...

CVE-2008-6119

Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the 1 username and 2 password parameters. NOTE: the provenance of this information is unknown; the details are...

Code injection

Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the 1 username and 2 password parameters. NOTE: the provenance of this information is unknown; the details are...

CVE-2009-0517

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tzenv.class. NOTE: some of these details are obtained...

Sql injection

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tzenv.class. NOTE: some of these details are obtained...

CVE-2009-0517

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tzenv.class. NOTE: some of these details are obtained...

CVE-2008-6103

PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter...

CVE-2009-0495

PHP remote file inclusion vulnerability in include/define.php in REALTOR 747 4.11 allows remote attackers to execute arbitrary PHP code via a URL in the INCDIR parameter...

Hedgehog-CMS 1.21 (LFI) Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl |----------------------------------------------------------------------------------------------------------------------------------| | INFORMATIONS |...

Hedgedog CMS 1.21 LFI / Command Execution

!/usr/bin/perl |----------------------------------------------------------------------------------------------------------------------------------| | INFORMATIONS | |----------------------------------------------------------------------------------------------------------------------------------|...

Hedgehog-CMS 1.21 - Local File Inclusion Remote Command Execution

Hedgehog-CMS 1.21 - Local File Inclusion Remote Command Execution !/usr/bin/perl |----------------------------------------------------------------------------------------------------------------------------------| | INFORMATIONS |...

Hedgehog-CMS 1.21 (LFI) Remote Command Execution Exploit

Exploit for unknown platform in category web applications ======================================================== Hedgehog-CMS 1.21 LFI Remote Command Execution Exploit ======================================================== !/usr/bin/perl...