Code injection

Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote...

CVE-2007-5781

PHP remote file inclusion vulnerability in inc/sigeinit.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYSPATH parameter...

CVE-2007-5733

Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting, when Open directory mode is enabled, allows remote attackers to upload and execute arbitrary PHP code via a ServerPath parameter specifying a filename with a double extension. NOTE: some of these details...

Unrestricted file upload

Unrestricted file upload vulnerability in the profiles script in ProfileCMS 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving creation of a profile...

CVE-2007-5720

Unrestricted file upload vulnerability in the profiles script in ProfileCMS 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving creation of a profile...

CVE-2007-5720

CVE-2007-5720 : Affected product: ProfileCMS 1.0. The vulnerability is an unrestricted file upload in the profiles script that allows remote attackers to upload and execute arbitrary PHP code via profile creation. The NVD entry lists a CVSS v2 base score of 6.8 (NETWORK, MEDIUM) with partial impa...

Code injection

Unspecified vulnerability in the Settings component in the administration system in Jeebles Directory 2.9.60 allows remote authenticated administrators to execute arbitrary PHP code via unspecified vectors related to settings.inc.php. NOTE: the provenance of this information is unknown; the detai...

CVE-2007-5705

Technical details about CVE-2007-5705 are not publicly available in the provided connected documents; the entry notes remote code execution via settings.inc.php in Jeebles Directory 2.9.60. Monitor for updates.

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in PHP Image 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the xarg parameter to 1 xargcorner.php, 2 xargcornerbottom.php, and 3 xargcornertop.php...

CVE-2007-5693

Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...

Design/Logic Flaw

Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...

CVE-2007-5693

Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...

[Full-disclosure] Advisory SE-2007-01: TikiWiki Remote PHP Code Evaluation Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: TikiWiki Remote PHP Code Evaluation Vulnerability Release Date: 2007/10/29 Last Modified: 2007/10/29 Author: Stefan Esser stefan.esseratsektioneins.de Application: TikiWiki = 1.9.8....

CVE-2002-2319

CVE-2002-2319 affects MySimpleNews: a static code injection vulnerability in users.php allows remote attackers to inject arbitrary PHP code and HTML via the LOGIN, DATA, and MESS parameters, which are inserted into news.php3. This indicates input handling flaws that enable arbitrary code executio...

Flatnuke3 Remote Cookie Manipoulation / Privilege Escalation

--------------------------------------------------------------- / | | / | / |/ | | |/ | | / | | | | | |/ | | // | || | ||| /| / / | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...

TikiWiki < 1.9.8.2 Multiple Scripts Local File Inclusion

The remote host is running TikiWiki, an open source wiki application written in PHP. The version of TikiWiki installed on the remote host fails to sanitize input to the 'errorhandlerfile' and/or 'localphp' parameters before using them to include PHP code. Provided PHP's 'registerglobals' setting ...

Remote file inclusion

PHP remote file inclusion vulnerability in modules/Forums/favorites.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary PHP code via a URL in the nukebbrootpath parameter...

OSI CODES - PHP Live! Remote File Inclusion

Aria-Security Team http://Aria-Security.Net Persian Security Network Source Code: ? / COPYRIGHT OSI CODES - PHP Live! / sessionstart ; $l = "" ; // try to get cookie value first if isset $HTTPCOOKIEVARS'COOKIEPHPLIVESITE' $l = $HTTPCOOKIEVARS'COOKIEPHPLIVESITE' ; if isset $HTTPGETVARS'l' $l =...

Flatnuke 3 - Remote Cookie Manipulation Privilege Escalation

Flatnuke 3 - Remote Cookie Manipulation Privilege Escalation --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...

CVE-2003-1402

PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the urlhit parameter, a different vulnerability than CVE-2006-5015...