7187 matches found

Cvelist
added 2005/08/10 4:00 a.m., 14 views

CVE-2005-2544

PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the path[docroot] parameter...

7.6 AI score, 0.00483 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2005/08/10 12:00 a.m., 31 views

SysCP < 1.2.11 Multiple Script Command Execution Vulnerabilities

The remote host is running SysCP, an open source control panel written in PHP. The version of SysCP installed on the remote host uses user-supplied input to several variables in various scripts without sanitizing it. Provided PHP's 'register_globals' setting is enabled, an attacker can exploit the...

7.5 CVSS, 6.2 AI score, 0.00717 EPSS
Exploits: 0, References: 3

exploitpack
added 2005/08/08 12:00 a.m., 16 views

Gravity Board X 1.1 - CSS Template Unauthorized Access

source: https://www.securityfocus.com/bid/14502/info Gravity Board X (GBX) is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to...

0.7 AI score
Exploits: 0

Exploit DB
added 2005/08/08 12:00 a.m., 16 views

Gravity Board X 1.1 - CSS Template Unauthorized Access

source: https://www.securityfocus.com/bid/14502/info Gravity Board X (GBX) is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to privileged functions. An attacker can exploit this...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2005/08/08 12:00 a.m., 26 views

FlatNuke < 2.5.6 Multiple Remote Vulnerabilities

The remote host is running FlatNuke, a content management system written in PHP that uses flat files rather than a database for its storage. The version of FlatNuke installed on the remote host suffers from several flaws: - Arbitrary PHP Code Execution Vulnerability The application fails to remov...

5 CVSS, 6.1 AI score, 0.07205 EPSS
Exploits: 4, References: 5

Tenable Nessus
added 2005/08/07 12:00 a.m., 23 views

Comdev eCommerce 3.0 Multiple Vulnerabilities (RFI, Traversal)

The remote host is running eCommerce, a web-based shopping system from Comdev. The installed version of eCommerce allows remote attackers to control the 'path[docroot]' parameter used when including PHP code in the 'config.php' script. By leveraging this flaw, an attacker may be able to view...

5 CVSS, 6.2 AI score, 0.03054 EPSS
Exploits: 1, References: 4

NVD
added 2005/08/03 4:00 a.m., 5 views

CVE-2005-2437

Website Baker Project does not properly verify the file extensions of uploaded files, which allows remote attackers to upload and execute arbitrary PHP code...

5 CVSS, 7.5 AI score, 0.00427 EPSS
Exploits: 0, References: 5

Cvelist
added 2005/08/03 4:00 a.m., 14 views

CVE-2005-2437

Website Baker Project does not properly verify the file extensions of uploaded files, which allows remote attackers to upload and execute arbitrary PHP code...

7.5 AI score, 0.00427 EPSS
Exploits: 0, References: 5

CVE
added 2005/08/03 4:00 a.m., 38 views

CVE-2005-2437

The CVE-2005-2437 entry concerns Website Baker Project, where uploaded file extensions are not properly verified. This allows remote attackers to upload and execute arbitrary PHP code due to the insufficient validation of the file type during upload. The available references (NVD, CVE, CVEList) c...

5 CVSS, 7.9 AI score, 0.00427 EPSS
Exploits: 0, References: 5, Affected Software: 1

exploitpack
added 2005/07/25 12:00 a.m., 16 views

Atomic Photo Album 0.x1.0 - Apa_PHPInclude.INC.php Remote File Inclusion

source: https://www.securityfocus.com/bid/14368/info Atomic Photo Album is susceptible to a remote PHP file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An...

0.3 AI score
Exploits: 0

Debian
added 2005/07/21 5:53 a.m., 19 views

[SECURITY] [DSA 764-1] New cacti packages fix several vulnerabilities

Debian Security Advisory DSA 764-1, http://www.debian.org/security/, Martin Schulze, July 21st, 2005, http://www.debian.org/security/faq ...

10 CVSS, 1.4 AI score, 0.12071 EPSS
Exploits: 0

Debian
added 2005/07/21 5:53 a.m., 28 views

[SECURITY] [DSA 764-1] New cacti packages fix several vulnerabilities

Debian Security Advisory DSA 764-1, http://www.debian.org/security/, Martin Schulze, July 21st, 2005, http://www.debian.org/security/faq ...

7.8 AI score
Exploits: 0

Cvelist
added 2005/07/20 4:00 a.m., 14 views

CVE-2005-2331

PHP remote file inclusion vulnerability in display.php in MooseGallery allows remote attackers to execute arbitrary PHP code via the type parameter...

7.6 AI score, 0.00463 EPSS
Exploits: 1, References: 4

Cvelist
added 2005/07/20 4:00 a.m., 15 views

CVE-2005-2328

PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 and 0.3.2.7 allows remote attackers to execute arbitrary PHP code via the CFGPATH variable...

7.6 AI score, 0.00741 EPSS
Exploits: 1, References: 3

NVD
added 2005/07/20 4:00 a.m., 8 views

CVE-2005-2331

PHP remote file inclusion vulnerability in display.php in MooseGallery allows remote attackers to execute arbitrary PHP code via the type parameter...

5 CVSS, 7.6 AI score, 0.00463 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2005/07/20 12:00 a.m., 58 views

SUSE-SA:2005:041: php/pear XML::RPC

The remote host is missing the patch for the advisory SUSE-SA:2005:041 php/pear XML::RPC. A bug in the PEAR::XMLRPC library allowed remote attackers to pass arbitrary PHP code to the eval function. The updated php packages fix the XML::RPC bug, however several third party PHP packages include a...

7.5 CVSS, 5.7 AI score, 0.86153 EPSS
Exploits: 5

Tenable Nessus
added 2005/07/13 12:00 a.m., 35 views

FreeBSD : phpbb -- remote PHP code execution vulnerability (4afacca1-eb9d-11d9-a8bd-000cf18bbe54)

FrSIRT Advisory reports : A vulnerability was identified in phpBB, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to an input validation error in the 'viewtopic.php' script that does not properly filter the 'highlight' parameter before calling the...

7.5 CVSS, 5.9 AI score, 0.86512 EPSS
Exploits: 9, References: 4

Packet Storm
added 2005/07/13 12:00 a.m., 36 views

e107617.txt

Software: http://www.e107.org; Author: Heintz; Advisory origin: http://www.waraxe.us; Software bugtracker: http://e107.org/e107plugins/bugtracker2/bugtracker2.php?0.bug.558. e107 v 0.617, search.php line 142: if($_POST['searchquery']) echo ""; unset($text); extract($_POST); here extract registers and overwrites...

Exploits: 0

NVD
added 2005/07/11 4:00 a.m., 11 views

CVE-2005-2179

PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter...

5 CVSS, 7.6 AI score, 0.0038 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2005/07/11 12:00 a.m., 1028 views

PPA functions.inc.php config[ppa_root_path] Parameter Remote File Inclusion

The remote host is running PPA, a free, PHP-based photo gallery. The installed version of PPA allows remote attackers to control the 'config[ppa_root_path]' variable used when including PHP code in the 'inc/functions.inc.php' script. By leveraging this flaw, an attacker may be able to view arbitrary...

7.5 CVSS, 6 AI score, 0.02887 EPSS
Exploits: 1, References: 2