7187 matches found

Prion
added 2006/01/11 9:3 p.m. | 13 views

Code injection

phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable...

7.5 CVSS | 8.1 AI score | 0.08939 EPSS
Exploits 0 | References 6 | Affected Software 1

NVD
added 2006/01/11 9:3 p.m. | 9 views

CVE-2006-0164

phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable...

7.5 CVSS | 7.5 AI score | 0.08939 EPSS
Exploits 0 | References 6

Prion
added 2006/01/11 9:3 p.m. | 6 views

Directory traversal

addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory...

7.5 CVSS | 8.1 AI score | 0.01414 EPSS
Exploits 1 | References 6 | Affected Software 1

Cvelist
added 2006/01/11 9:0 p.m. | 9 views

CVE-2006-0169

addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory...

7.6 AI score | 0.01414 EPSS
Exploits 1 | References 6

Cvelist
added 2006/01/11 9:0 p.m. | 11 views

CVE-2006-0164

phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable...

7.5 AI score | 0.08939 EPSS
Exploits 0 | References 6

Prion
added 2006/01/09 11:3 p.m. | 16 views

Code injection

The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function...

7.5 CVSS | 8.1 AI score | 0.01457 EPSS
Exploits 0 | References 6 | Affected Software 1

Exploit DB
added 2006/01/09 12:0 a.m. | 76 views

AppServ Open Project 2.4.5 - Remote File Inclusion

source: https://www.securityfocus.com/bid/16166/info AppServ Open Project is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an...

7.4 AI score
Exploits 0

exploitpack
added 2006/01/09 12:0 a.m. | 31 views

AppServ Open Project 2.4.5 - Remote File Inclusion

AppServ Open Project 2.4.5 - Remote File Inclusion source: https://www.securityfocus.com/bid/16166/info AppServ Open Project is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this...

7.5 AI score
Exploits 0

Packet Storm
added 2006/01/08 12:0 a.m. | 26 views

EV0019.txt

New eVuln Advisory: NavBoard BBcode XSS Vulnerability --------------------Summary---------------- Vendor: NavBoard Vendor's Web Site: http://navarone.f2o.org/ Software: NavBoard Software's Web Site: http://sourceforge.net/projects/navboard/ Versions: checked: V16 Stable2.6.0 and V17beta2 Critical...

7.4 AI score
Exploits 0

NVD
added 2006/01/05 11:3 a.m. | 14 views

CVE-2006-0094

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the incstat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

7.5 CVSS | 7.2 AI score | 0.00687 EPSS
Exploits 0 | References 2

NVD
added 2006/01/04 1:3 a.m. | 16 views

CVE-2006-0076

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter...

7.5 CVSS | 7.4 AI score | 0.07826 EPSS
Exploits 1 | References 6

myhack58
added 2006/01/04 12:0 a.m. | 39 views

Night cat article system Version 2.1.0 cross site & injection vulnerability-vulnerability warning-the black bar safety net

Articles have been published in the hack the x-Files 2006 in the first period Cross-site vulnerability: night cat article system code amount is not very large, then we will from the most basic to start it, open the registration page register.php see the following code if $POSTaction ==...

7.2 AI score
Exploits 0

Packet Storm
added 2006/01/04 12:0 a.m. | 20 views

EV0006.txt

New eVuln Advisory: phpBook PHP Code Execution --------------------Summary---------------- Software: phpBook http://sourceforge.net/projects/phpbook/ Versions: 1.3.2 and earlier Critical Level: Dangerous Type: PHP Code Execution Class: Remote Status: Unpatched Exploit: Available Solution: Not...

7.4 AI score
Exploits 0

Packet Storm
added 2006/01/04 12:0 a.m. | 29 views

EV0003.txt

New eVuln Advisory: oaBoard PHP Code Execution --------------------Summary---------------- Software: oaBoard Versions: 1.0 Critical Level: Dangerous Type: PHP Code Execution Class: Remote Status: Unpatched Exploit: Available Solution: Not Available Discovered by: Aliaksandr Hartsuyeu [email protected]...

7.4 AI score
Exploits 0

securityvulns
added 2006/01/04 12:0 a.m. | 26 views

[eVuln] oaBoard PHP Code Execution

New eVuln Advisory: oaBoard PHP Code Execution --------------------Summary---------------- Software: oaBoard Versions: 1.0 Critical Level: Dangerous Type: PHP Code Execution Class: Remote Status: Unpatched Exploit: Available Solution: Not Available Discovered by: Aliaksandr Hartsuyeu [email protected]...

1.3 AI score
Exploits 0

Packet Storm
added 2006/01/03 12:0 a.m. | 30 views

cijfer-cnxpl.pl.txt

!/usr/bin/perl cijfer-cnxpl - CuteNews All rights reserved. 1. example cijfer@kalma:/research$ ./cijfer-cnxpl.pl -h www.xxxx.org -d /news [email protected] /$ id;uname -a uid=48apache gid=48apache groups=48apache,29000webserving context=root:systemr:httpdsysscriptt Linux server.xxxx.org...

7.4 AI score
Exploits 0

securityvulns
added 2006/01/03 12:0 a.m. | 57 views

[SA18268] phpBook "email" PHP Code Injection Vulnerability

TITLE: phpBook "email" PHP Code Injection Vulnerability SECUNIA ADVISORY ID: SA18268 VERIFY ADVISORY: http://secunia.com/advisories/18268/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: phpBook 1.x http://secunia.com/product/6719/ DESCRIPTION: Aliaksandr Hartsuyeu ha...

0.8 AI score
Exploits 0

exploitpack
added 2006/01/01 12:0 a.m. | 10 views

CuteNews 1.4.1 - categories.mdu Remote Command Execution

CuteNews 1.4.1 - categories.mdu Remote Command Execution !/usr/bin/perl cijfer-cnxpl - CuteNews All rights reserved. 1. example cijfer@kalma:/research$ ./cijfer-cnxpl.pl -h www.xxxx.org -d /news [email protected] /$ id;uname -a uid=48apache gid=48apache groups=48apache,29000webserving...

0.3 AI score
Exploits 0

exploitpack
added 2005/12/29 12:0 a.m. | 33 views

PHPBook 1.x - Mail Field PHP Code Injection

PHPBook 1.x - Mail Field PHP Code Injection source: https://www.securityfocus.com/bid/16106/info phpBook is prone to a vulnerability that may let remote attackers inject arbitrary PHP code into the application. This code may then be executed by visiting pages that include the injected code. E-mai...

0.4 AI score
Exploits 0

Exploit DB
added 2005/12/29 12:0 a.m. | 28 views

OABoard 1.0 Forum - Remote File Inclusion

source: https://www.securityfocus.com/bid/16105/info The oaBoard application is prone to a remote file-include vulnerability. As a result, remote users may specify external PHP scripts to be included by the application. This could result in the execution of arbitrary PHP code in the context of th...

7.4 AI score
Exploits 0