CVE-2005-1876

Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template .tpl file...

CVE-2005-1881

upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code...

CVE-2005-1868

I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension...

CVE-2005-1876

The CVE-2005-1876 entry describes a direct code injection vulnerability in CuteNews 1.3.6 and earlier . The issue allows remote attackers with administrative privileges to execute arbitrary PHP code by inputs injected into a template file (.tpl), effectively compromising the server’s PHP executio...

CVE-2005-1864

PHP remote file inclusion vulnerability in caladmintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter...

CVE-2005-1882

PHP remote file inclusion vulnerability in lastgallery.php in YaPiG 0.93u and 0.94u allows remote attackers to execute arbitrary PHP code via the YAPIGPATH parameter...

CVE-2005-1876

Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template .tpl file...

PT-2005-2825 · I-Man · I-Man

Name of the Vulnerable Software and Affected Versions: I-Man versions 0.9 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension. This can be done by exploiting the file upload functionality, potentially leadin...

FlatNuke 2.5.x - 'help.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/13882/info Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating Web content...

FlatNuke 2.5.x - help.php Multiple Cross-Site Scripting Vulnerabilities

FlatNuke 2.5.x - help.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/13882/info Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to...

[SA15603] FlatNuke Multiple Vulnerabilities

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

FlatNuke 2.5.x - 'index.php?where' Full Path Disclosure

source: https://www.securityfocus.com/bid/13882/info Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating Web content...

CVE-2005-1881

upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code...

CVE-2005-1821

PHP remote file inclusion vulnerability in pdlheader.inc.php in PowerDownload 3.0.2 and 3.0.3 allows remote attackers to execute arbitrary PHP code via the incdir parameter to downloads.php...

CVE-2005-1820

zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the pregreplace function...

[SA15558] I-Man File Attachments Upload Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

PHP-Nuke 7.x - Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/18186/info PHP-Nuke is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing...

PHP-Nuke 7.x - Multiple Remote File Inclusions

PHP-Nuke 7.x - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/18186/info PHP-Nuke is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issue...

Fusionphp Fusion News 3.3/3.6 - X-Forworded-For PHP Script Code Injection

source: https://www.securityfocus.com/bid/13661/info FusionPHP Fusion News is prone to a remote PHP code injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. This may facilitate unauthorized access. ? $copyr = " !!! PRIVATE !!! PRIVA...

[SA15312] BoastMachine File Upload Vulnerability

---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: BoastMachine File Upload Vulnerability SECUNIA ADVISOR...