7188 matches found

Cvelist
added 2006/05/19 5:0 p.m., 13 views

CVE-2006-2479

The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site...

7.2 AI score, 0.0072 EPSS
Exploits: 1, References: 6

Exploit DB
added 2006/05/19 12:0 a.m., 17 views

Artmedic NewsLetter 4.1 - 'Log.php' Remote Script Execution

source: https://www.securityfocus.com/bid/18047/info Artmedic Newsletter is prone to a remote PHP code-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to create files containing arbitrary conte...

7.4 AI score
Exploits: 0

securityvulns
added 2006/05/18 12:0 a.m., 55 views

[SA20156] ScozNews "CONFIG[main_path]" File Inclusion Vulnerabilities

TITLE: ScozNews "CONFIG[main_path]" File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA20156 VERIFY ADVISORY: http://secunia.com/advisories/20156/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: ScozNews 1.x http://secunia.com/product/10016/ DESCRIPTION: Kacper has...

0.6 AI score
Exploits: 0

Prion
added 2006/05/17 10:6 a.m., 9 views

Remote file inclusion

PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManagerPath parameter to ezusermanagerpwdforgott.php, possibly due to an issue in ezusermanagercore.inc.php...

5.1 CVSS, 8.2 AI score, 0.10499 EPSS
Exploits: 1, References: 7, Affected Software: 1

Tenable Nessus
added 2006/05/17 12:0 a.m., 744 views

Squirrelcart cart_content.php cart_isp_root Parameter Remote File Inclusion

The remote host is running Squirrelcart, a shopping cart program written in PHP. The version of Squirrelcart installed on the remote host fails to sanitize user-supplied input to the 'cart_isp_root' parameter of the 'cart_content.php' script before using it to include PHP code. Provided PHP's...

6.4 CVSS, 6 AI score, 0.11099 EPSS
Exploits: 1, References: 2

securityvulns
added 2006/05/17 12:0 a.m., 24 views

Newsportal: code injection vulnerability

Hello, there is a code injection vulnerability in NewsPortal that could give everyone the ability to execute php code on the webserver where newsportal is installed. This bug should only occur if "register_globals=on" is set in the php.ini. To remove the problem: - install the recent version:...

2.1 AI score
Exploits: 0

Prion
added 2006/05/16 1:2 a.m., 12 views

Remote file inclusion

PHP remote file inclusion vulnerability in resources/includes/popp.config.loader.inc.php in PopSoft Digital PopPhoto Studio 3.5.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter cfg['popphoto_base_path'] variable. NOTE: Pixaria has notified CVE...

5 CVSS, 8 AI score, 0.07946 EPSS
Exploits: 0, References: 9, Affected Software: 1

securityvulns
added 2006/05/16 12:0 a.m., 46 views

[SA20115] Php Blue Dragon CMS "vsDragonRootPath" File Inclusion

TITLE: Php Blue Dragon CMS "vsDragonRootPath" File Inclusion SECUNIA ADVISORY ID: SA20115 VERIFY ADVISORY: http://secunia.com/advisories/20115/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Php Blue Dragon CMS 2.x http://secunia.com/product/9942/ DESCRIPTION: Kacper...

0.7 AI score
Exploits: 0

securityvulns
added 2006/05/16 12:0 a.m., 33 views

[SA20087] PopPhoto "cfg[popphoto_base_path]" File Inclusion Vulnerability

TITLE: PopPhoto "cfg[popphoto_base_path]" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA20087 VERIFY ADVISORY: http://secunia.com/advisories/20087/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: PopPhoto 3.x http://secunia.com/product/9926/ DESCRIPTION: VietMafia h...

0.5 AI score
Exploits: 0

Tenable Nessus
added 2006/05/15 12:0 a.m., 860 views

ACal embed/day.php path Parameter Remote File Inclusion

The remote host is running ACal, an open source, web-based event calendar written in PHP. The version of ACal installed on the remote host fails to sanitize user-supplied input to the 'path' parameter of the 'embed/day.php' script before using it in PHP 'include' functions. Provided PHP's...

7.5 CVSS, 6.1 AI score, 0.16413 EPSS
Exploits: 1, References: 1

exploitpack
added 2006/05/15 12:0 a.m., 16 views

Pixaria PopPhoto 3.5.4 - CFG[popphoto_base_path] Remote File Inclusion

Pixaria PopPhoto 3.5.4 - CFG[popphoto_base_path] Remote File Inclusion source: https://www.securityfocus.com/bid/17970/info Pixaria PopPhoto is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can...

0.4 AI score
Exploits: 0

Exploit DB
added 2006/05/15 12:0 a.m., 31 views

Pixaria PopPhoto 3.5.4 - 'CFG[popphoto_base_path]' Remote File Inclusion

source: https://www.securityfocus.com/bid/17970/info Pixaria PopPhoto is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...

7 AI score
Exploits: 0

securityvulns
added 2006/05/13 12:0 a.m., 30 views

PHPBB 2.0.20 persistent issues with avatars

PHPBB 2.0.20 multiple issues with avatars some problems persistently lie in the way it handles remote and uploaded avatars: a remote user can: 1 saturate the server with unuseful files, 'cause phpbb do not delete the previous one when you upload a new avatar 2 use PhpBB installations to launch...

0.2 AI score
Exploits: 0

Tenable Nessus
added 2006/05/13 12:0 a.m., 37 views

FreeBSD : mysql50-server -- COM_TABLE_DUMP arbitrary code execution (a8d8713e-dc83-11da-a22b-000c6ec775d9)

Stefano Di Paola reports : An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. To take advantage of these flaws an attacker should have direct access to MySQL server communication layer port 3306 or unix socket. But if used in conjunction with...

6.5 CVSS, 5.9 AI score, 0.42794 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2006/05/13 12:0 a.m., 32 views

GLSA-200605-13 : MySQL: Information leakage

The remote host is affected by the vulnerability described in GLSA-200605-13 MySQL: Information leakage The processing of the COM_TABLE_DUMP command by a MySQL server fails to properly validate packets that arrive from the client via a network socket. Impact : By crafting specific malicious packets...

5 CVSS, 6.1 AI score, 0.8233 EPSS
Exploits: 0, References: 4

NVD
added 2006/05/12 12:2 a.m., 10 views

CVE-2006-2335

Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...

6.5 CVSS, 7.1 AI score, 0.0137 EPSS
Exploits: 1, References: 4

Prion
added 2006/05/12 12:2 a.m., 14 views

Code injection

Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...

6.5 CVSS, 7.9 AI score, 0.0137 EPSS
Exploits: 1, References: 4, Affected Software: 1

Prion
added 2006/05/12 12:2 a.m., 12 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749...

5.1 CVSS, 7.8 AI score, 0.11505 EPSS
Exploits: 1, References: 10, Affected Software: 1

EUVD
added 2006/05/12 12:0 a.m., 2 views

EUVD-2006-2331

PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, a...

6.4 CVSS, 6.7 AI score, 0.11474 EPSS
Exploits: 1, References: 8

Cvelist
added 2006/05/12 12:0 a.m., 12 views

CVE-2006-2335

Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...

7.1 AI score, 0.0137 EPSS
Exploits: 1, References: 4