NOCC 1.0 - filter_prefs.php?html_filter_select Cross-Site Scripting

NOCC 1.0 - filterprefs.php?htmlfilterselect Cross-Site Scripting source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can...

NOCC 1.0 - 'html_bottom_table.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject arbitrary PHP code and execute it ...

NOCC 1.0 - 'no_mail.php?html_no_mail' Cross-Site Scripting

source: https://www.securityfocus.com/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to inject arbitrary PHP code and execute it ...

Noah's Classifieds 1.0/1.3 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/16780/info Noah's Classifieds is prone to a remote file-include vulnerability. An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the...

EV0072.txt

New eVuln Advisory: Magic News Lite PHP Code Execution & Unauthorized Data Modification http://evuln.com/vulns/72/summary.html --------------------Summary---------------- eVuln ID: EV0072 CVE: CVE-2006-0723 CVE-2006-0724 Vendor: Reamday Enterprises Vendor's Web Site: http://reamdaysoft.com...

Noahs Classifieds 1.01.3 - index.php Remote File Inclusion

Noahs Classifieds 1.01.3 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/16780/info Noah's Classifieds is prone to a remote file-include vulnerability. An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the webserver process...

CVE-2006-0831

PHP remote file include vulnerability in index.php in Tasarim Rehberi allows remote attackers to execute arbitrary PHP code via a URL in the 1 sayfaadi or 2 sayfa parameter. NOTE: this might be a site-specific issue. If so, it should not be included in CVE...

CVE-2006-0810

Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection...

CVE-2006-0810

Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection...

coppermine -- File Inclusion Vulnerabilities

Secunia reports: Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious people and by malicious users to compromise a vulnerable system. 1 Input passed to the "lang" parameter in include/init.inc.php isn't properly verified, before it is used to include files. This can...

Sql injection

Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via 1 the contactgroupid parameter in addressbook.update.php, 2 the messageid parameter in addressbook.add.php, 3 the folderid parameter in folders.update.php, and possibly...

CVE-2006-0757

Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via 1 the contactgroupid parameter in addressbook.update.php, 2 the messageid parameter in addressbook.add.php, 3 the folderid parameter in folders.update.php, and possibly...

CVE-2006-0757

CVE-2006-0757 describes multiple PHP eval-injection vulnerabilities in HiveMail 1.3 and earlier, allowing remote attackers to execute arbitrary PHP code via various parameters (e.g., contactgroupid in addressbook.update.php, messageid in addressbook.add.php, folderid in folders.update.php, and ot...

CVE-2006-0757

Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via 1 the contactgroupid parameter in addressbook.update.php, 2 the messageid parameter in addressbook.add.php, 3 the folderid parameter in folders.update.php, and possibly...

Dreamcost HostAdmin 3.0 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/16682/info HostAdmin is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...

Remote file inclusion

PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter...

CVE-2006-0688

PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter...

dotProject 2.0 - modulesprojectsgantt2.php?dPconfig[root_dir] Remote File Inclusion

dotProject 2.0 - modulesprojectsgantt2.php?dPconfigrootdir Remote File Inclusion source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...

dotProject 2.0 - '/includes/session.php?baseDir' Remote File Inclusion

source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...

dotProject 2.0 - '/modules/projects/vw_files.php?dPconfig[root_dir]' Remote File Inclusion

source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...