7187 matches found

Cvelist
added 2005/12/04 10:0 p.m., 19 views

CVE-2004-2631

Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name...

7.5 AI score, 0.14197 EPSS
Exploits: 1, References: 12

seebug.org
added 2005/12/04 12:0 a.m., 19 views

DoceboLMS <= 2.0.4 connector.php Shell Upload Exploit

No description provided by source. <?php ---docebo204xpl.php 15.38 04/12/2005 DoceboLMS AKA SpaghettiLearning <= 2.0.4 connector.php Shell Upload coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "This is called, using the conquered...

7.1 AI score
Exploits: 0

Cvelist
added 2005/12/03 7:0 p.m., 17 views

CVE-2005-3968

SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter...

8.5 AI score, 0.03558 EPSS
Exploits: 1, References: 9

Cvelist
added 2005/11/29 11:0 a.m., 20 views

CVE-2005-3859

PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter...

7.5 AI score, 0.04643 EPSS
Exploits: 1, References: 6

exploitpack
added 2005/11/28 12:0 a.m., 10 views

PHP Doc System 1.5.1 - Local File Inclusion

PHP Doc System 1.5.1 - Local File Inclusion source: https://www.securityfocus.com/bid/15611/info PHP Doc System is prone to a local file-include vulnerability. This is due to the application's failure to properly sanitize user-supplied input. This may facilitate the unauthorized viewing of files...

Exploits: 0

Exploit DB
added 2005/11/28 12:0 a.m., 22 views

PHP Doc System 1.5.1 - Local File Inclusion

source: https://www.securityfocus.com/bid/15611/info PHP Doc System is prone to a local file-include vulnerability. This is due to the application's failure to properly sanitize user-supplied input. This may facilitate the unauthorized viewing of files and unauthorized execution of local PHP code...

7.4 AI score
Exploits: 0

securityvulns
added 2005/11/28 12:0 a.m., 81 views

Remote file include in Athena

Language: PHP Script: Athena Version: 0.1a Official website: http://sourceforge.net/projects/athena Problem: Remote file inclusion Discovered by: beford & GB Description: =========== A simple website management system written in oo php that uses a mysql database to store user and group rights and...

0.6 AI score
Exploits: 0

NVD
added 2005/11/26 2:3 a.m., 11 views

CVE-2005-3820

Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, and ultimately execute arbitrary PHP code, via ".." (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads...

6.4 CVSS, 7.6 AI score, 0.01164 EPSS
Exploits: 1, References: 10

Cvelist
added 2005/11/26 2:0 a.m., 19 views

CVE-2005-3820

Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, and ultimately execute arbitrary PHP code, via ".." (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads...

7.5 AI score, 0.01164 EPSS
Exploits: 1, References: 10

Exploit DB
added 2005/11/26 12:0 a.m., 24 views

Q-News 2.0 - Remote File Inclusion

source: https://www.securityfocus.com/bid/15576/info Q-News is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer...

7.4 AI score
Exploits: 0

NVD
added 2005/11/24 11:3 a.m., 7 views

CVE-2005-3796

Direct static code injection vulnerability in adminoptionsmanage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is not clear from the original report whether administrator privileges are required. If not, then this doe...

7.5 CVSS, 7.5 AI score, 0.00743 EPSS
Exploits: 0, References: 7

securityvulns
added 2005/11/24 12:0 a.m., 31 views

[SA17693] vtiger CRM Multiple Vulnerabilities

TITLE: vtiger CRM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA17693 VERIFY ADVISORY: http://secunia.com/advisories/17693/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access WHERE: From remote SOFTWARE...

0.5 AI score
Exploits: 0

exploitpack
added 2005/11/22 12:0 a.m., 7 views

Torrential 1.2 - Getdox.php Directory Traversal

Torrential 1.2 - Getdox.php Directory Traversal source: https://www.securityfocus.com/bid/15530/info Torrential is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. An attacker can exploit this issue to retrieve arbitrary remote PHP...

7.4 AI score
Exploits: 0

CVE
added 2005/11/16 7:37 a.m., 39 views

CVE-2003-1251

CVE-2003-1251 affects the N/X Web Content Management System. The vulnerable scripts are (1) menu.inc.php, (2) datasets.php, and (3) mass_operations.inc.php (often misspelled as mass_opeations.inc.php). The vulnerability arises from a remote-file-include flaw where a c_path references a URL on a r...

7.5 CVSS, 7.6 AI score, 0.04132 EPSS
Exploits: 1, References: 4, Affected Software: 1

CVE
added 2005/11/16 7:37 a.m., 57 views

CVE-2002-2128

CVE-2002-2128 affects editform.php in w-Agora 4.1.5, enabling local users to run arbitrary PHP code via .. sequences in the file parameter (path traversal). Documented by NVD and Red Hat/CVE listings; CVSSv2 base score 4.6 (LOCAL access, LOW attack complexity, PARTIAL confidentiality/integrity/av...

4.6 CVSS, 7.6 AI score, 0.00059 EPSS
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2005/11/16 7:37 a.m., 18 views

CVE-2002-2128

editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via ".." (dot dot) sequences in the file parameter...

7.2 AI score, 0.00059 EPSS
Exploits: 0, References: 4

Cvelist
added 2005/11/16 7:37 a.m., 12 views

CVE-2002-2134

haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP code by modifying the dirroot parameter to reference a URL on a remote web server that contains the code in a lang.php file...

7.5 AI score, 0.04597 EPSS
Exploits: 1, References: 5

Cvelist
added 2005/11/16 7:37 a.m., 13 views

CVE-2002-2130

publishxpdocs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERYBASEDIR parameter to reference a URL on a remote web server that contains the code...

7.6 AI score, 0.00874 EPSS
Exploits: 0, References: 4

Cvelist
added 2005/11/16 7:37 a.m., 14 views

CVE-2003-1241

Cross-site scripting vulnerability (XSS) in (1) adminindex.php, (2) adminpass.php, (3) adminmodif.php, and (4) adminsuppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via...

6.7 AI score, 0.0043 EPSS
Exploits: 1, References: 3

Cvelist
added 2005/11/16 7:37 a.m., 16 views

CVE-2003-1256

afflistelangue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the repinclude parameter to reference a URL on a remote web server that contains paralangue.php...

7.6 AI score, 0.0577 EPSS
Exploits: 1, References: 4