PHPAuction Multiple Script include_path Parameter File Inclusion

The remote host is running PHPAuction, a PHP script for building auction websites. The version of PHPAuction installed on the remote host fails to sanitize input to the 'includepath' parameter of several scripts before using it to include PHP code. An unauthenticated, remote attacker can exploit...

CVE-2008-0300

mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences...

Null pointer dereference

mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences...

CVE-2008-0300

mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences...

CVE-2008-0300

Mapbender vulnerability CVE-2008-0300 affects Mapbender 2.4 up to 2.4.4, via mapFiler.php. Root cause: lack of input filtering allows PHP code sequences placed in the factor parameter to be written to a file and later executed. Impact: remote code execution on the webserver with the privileges of...

VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Code Execution

!/usr/bin/php -q http://acid-root.new.fr/ [email protected] Exploit: + Logged in Administrator + The administrator has 2 resellers / Changing dareseller's password / Trying to connect as dareseller:thatpwnz + Login successful + The reseller has 2 users + Host domaintest.fr is connected /...

VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit

Exploit for linux platform in category remote exploits ================================================== VHCS http://acid-root.new.fr/ email protected Exploit: + Logged in Administrator + The administrator has 2 resellers / Changing dareseller's password / Trying to connect as dareseller:thatpwn...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to 1 minimal/wiki.php and 2 simplest/wiki.php...

CVE-2008-1124

Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to 1 components/xmlparser/loadparser.php; 2 admin.php, 3 categories.php, 4 categoriesadd.php, 5...

KC Wiki 1.0 - &#039;/minimal/wiki.php?page&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/28074/info KC Wiki is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in t...

KC Wiki 1.0 - &#039;/simplest/wiki.php?page&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/28074/info KC Wiki is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in t...

PHPMyTourney Remote file include Vulnerability

Hello PHPMyTourney Remote file include Vulnerability Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] home page : http://phpmytourney.sourceforge.net Script : PHPMyTourney vulnerable file : phpmytourney/sources/tourney/index.p...

PHPMyTourney 2 - &#039;/tourney/index.php&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/28057/info phpMyTourney is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the...

PHPMyTourney 2 - tourneyindex.php Remote File Inclusion

PHPMyTourney 2 - tourneyindex.php Remote File Inclusion source: https://www.securityfocus.com/bid/28057/info phpMyTourney is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote fi...

Urulu 2.1 Blind SQL Injection Vulnerability &#40;CVE-2008-0385&#41;

COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: Urulu Vendor: USystems Subject: Blind SQL Injection Vulnerability Risk: High Author: Daniel Roethlisberger Date: 2008-02-25 CVE Name: CVE-2008-0385 Introduction ------------ An AJAX based Blind SQL Injection vulnerability exists in the Web 2....

Urulu 2.1 Blind SQL Injection Vulnerability &#40;CVE-2008-0385&#41;

COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: Urulu Vendor: USystems Subject: Blind SQL Injection Vulnerability Risk: High Author: Daniel Roethlisberger Date: 2008-02-25 CVE Name: CVE-2008-0385 Introduction ------------ An AJAX based Blind SQL Injection vulnerability exists in the Web 2....

CVE-2008-1067

Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the SESSIONpath parameter to 1 ezmlm.php and 2 tools/updatetranslations.php...

CVE-2008-1060

Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter...

CVE-2008-1059

PHP remote file inclusion vulnerability in modules/syntaxhighlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter...

Sql injection

Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter...