7187 matches found
LinPHA 0.9.x/1.0 - 'lang' Local File Inclusion
source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'includeonce' PHP function in multiple scripts. The PHP code-injection vulnerabilities are d...
HiveMail 1.2.2/1.3 - 'folders.update.php?folderid' Arbitrary PHP Command Execution
source: https://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. The PHP code-execution issues are the result of an input-validation error that...
CVE-2006-0636
desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the SESSION variable before calling the sessionstart function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using...
CVE-2006-0636
desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the SESSION variable before calling the sessionstart function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using...
FCKEditor 2.0 2.2 - FileManager connector.php Arbitrary File Upload
FCKEditor 2.0 2.2 - FileManager connector.php Arbitrary File Upload a short explaination: if a user cam call directly http://target/path/editor/filemanager/browser/default/connectors/php/connector.php he can upload malicious contempt on a target server, including arbitrary php code, and launch...
Farsinews 2.1 - Loginout.php Remote File Inclusion
Farsinews 2.1 - Loginout.php Remote File Inclusion source: https://www.securityfocus.com/bid/16440/info FarsiNews is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...
Farsinews 2.1 - 'Loginout.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/16440/info FarsiNews is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...
Update Protection against phpBB and PHPGedView Remote Execution Vulnerabilities
phpBB is a widely used bulletin board software package. PhpGedView is a genealogy program which allows for genealogy viewing and editing on the Web. Several vulnerabilities reported in phpBB and in PhpGedView could allow an attacker to execute arbitrary PHP code...
EV0029.txt
New eVuln Advisory: Light Weight Calendar PHP Code Execution http://evuln.com/vulns/29/summary.html --------------------Summary---------------- Software: Light Weight Calendar Sowtware's Web Site: http://sourceforge.net/projects/lwcal/ Versions: 1.0 Critical Level: Dangerous Type: PHP Code...
Remote file inclusion
PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the filnavn parameter...
[eVuln] Light Weight Calendar PHP Code Execution
New eVuln Advisory: Light Weight Calendar PHP Code Execution http://evuln.com/vulns/29/summary.html --------------------Summary---------------- Software: Light Weight Calendar Sowtware's Web Site: http://sourceforge.net/projects/lwcal/ Versions: 1.0 Critical Level: Dangerous Type: PHP Code...
Design/Logic Flaw
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the dbid parameter to visitorupload.php, as demonstrated using phpinfo and include function calls...
CVE-2006-0214
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the dbid parameter to visitorupload.php, as demonstrated using phpinfo and include function calls...
CVE-2006-0214
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the dbid parameter to visitorupload.php, as demonstrated using phpinfo and include function calls...
Sql injection
Eval injection vulnerability in Light Weight Calendar LWC 1.0 20040909 and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php...
CVE-2006-0206
Eval injection vulnerability in Light Weight Calendar LWC 1.0 20040909 and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php...
[eVuln] ACal Authentication Bypass & PHP Code Insertion
New eVuln Advisory: ACal Authentication Bypass & PHP Code Insertion --------------------Summary---------------- Software: ACal Sowtware's Web Site: http://acalproj.sourceforge.net/ Versions: 2.2.5 Critical Level: Dangerous Type: PHP Code Execution Class: Remote Status: Unpatched Exploit: Availabl...
CVE-2006-0183
Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via 1 the edit=header value, which modifies header.php, or 2 the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from th...
Code injection
Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via 1 the edit=header value, which modifies header.php, or 2 the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from th...
[SA18432] ACal "ACalAuthenticate" Authentication Bypass Vulnerability
TITLE: ACal "ACalAuthenticate" Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA18432 VERIFY ADVISORY: http://secunia.com/advisories/18432/ CRITICAL: Highly critical IMPACT: Security Bypass, System access WHERE: From remote SOFTWARE: ACal 2.x http://secunia.com/product/3884/ DESCRIPTION...