Lucene search

7187 matches found

Gentoo Linux
added 2005/03/30 12:0 a.m. | 21 views

Smarty: Template vulnerability

Background: Smarty is a template engine for PHP. The "template security" feature of Smarty is designed to help reduce the risk of a system compromise when you have untrusted parties editing templates. Description: A vulnerability has been discovered within the regex_replace modifier of the Smarty...

CVSS 7.5 | AI score 7.2 | EPSS 0.00902
Exploits: 0

CVE
added 2005/03/29 5:0 a.m. | 48 views

CVE-2005-0913

Smarty vulnerability CVE-2005-0913 affects the regex_replace modifier in Smarty versions before 2.6.8, enabling attackers to execute arbitrary PHP code. The Gentoo GLSA and related open-source advisories describe a remote code execution risk via the template engine’s regex_replace modifier when u...

CVSS 7.5 | AI score 7.2 | EPSS 0.00902
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2005/03/29 5:0 a.m. | 7 views

CVE-2005-0931

PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 allows remote attackers to execute arbitrary PHP code...

CVSS 7.5 | AI score 7.5 | EPSS 0.01718
Exploits: 0 | References: 1

Cvelist
added 2005/03/29 5:0 a.m. | 13 views

CVE-2005-0909

PHP remote file inclusion vulnerability in shoutact.php for TKai's Shoutbox allows remote attackers to execute arbitrary PHP code via the query parameter...

AI score 7.6 | EPSS 0.00717
Exploits: 0 | References: 3

Debian CVE
added 2005/03/26 5:0 a.m. | 15 views

CVE-2005-0887

Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement...

CVSS 7.5 | AI score 7.9 | EPSS 0.07111
Exploits: 0

Cvelist
added 2005/03/26 5:0 a.m. | 14 views

CVE-2005-0887

Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement...

AI score 7.8 | EPSS 0.07111
Exploits: 0 | References: 4

exploitpack
added 2005/03/24 12:0 a.m. | 18 views

Double Choco Latte 0.9.3/0.9.4 - main.php Arbitrary PHP Code Execution

Double Choco Latte 0.9.3/0.9.4 - main.php Arbitrary PHP Code Execution. source: https://www.securityfocus.com/bid/12894/info Double Choco Latte is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry...

AI score 0.7
Exploits: 0

securityvulns
added 2005/03/24 12:0 a.m. | 31 views

[SA14688] Double Choco Latte Cross-Site Scripting and PHP Code Execution

TITLE: Double Choco Latte Cross-Site Scripting and PHP Code...

AI score 1.4
Exploits: 0

Exploit DB
added 2005/03/24 12:0 a.m. | 29 views

Double Choco Latte 0.9.3/0.9.4 - 'main.php' Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/12894/info Double Choco Latte is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting/HTML injection attacks and execute arbitrary...

AI score 7.4
Exploits: 0

Cvelist
added 2005/03/20 5:0 a.m. | 13 views

CVE-2005-0800

PHP remote file inclusion vulnerability in install.php in mcNews 1.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the l parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2005-0720...

AI score 7.5 | EPSS 0.019
Exploits: 1 | References: 5

Tenable Nessus
added 2005/03/18 12:0 a.m. | 23 views

paNews 2.0.4b Multiple Input Validation Vulnerabilities

The remote host is running a version of paNews that suffers from the following vulnerabilities: - SQL Injection Issue in the 'login' method of includes/auth.php. A remote attacker can leverage this vulnerability to add users with arbitrary privileges. - Local Script Injection Vulnerability in...

CVSS 7.5 | AI score 6.3 | EPSS 0.0322
Exploits: 0 | References: 4

securityvulns
added 2005/03/18 12:0 a.m. | 26 views

PHP mcNews arbitrary file inclusion

BadRoot Security Advisory 2005-0x01 | Thu Mar 17 2005 - 00:46 am GMT +1 | Product: mcNews <=1.3 successfully exploited on 1.3 | Vendor: http://www.phpforums.net/index.php?dir=dld Home Page | Type: Arbitrary fil...

AI score 0.3
Exploits: 0

Cvelist
added 2005/03/09 5:0 a.m. | 14 views

CVE-2005-0698

PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) GPATH parameter to init.inc.php or the (2) PATH parameter to index.php to reference a URL on a remote web server that contains the code...

AI score 7.6 | EPSS 0.00612
Exploits: 0 | References: 2

CVE
added 2005/03/04 5:0 a.m. | 52 views

CVE-2005-0647

The CVE-2005-0647 entry concerns paNews 2.0.4b. Vulnerability: in admin_setup.php, remote attackers can inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. This is a local script injection affecting paNews’s configuration fi...

CVSS 5 | AI score 7 | EPSS 0.0322
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2005/03/04 5:0 a.m. | 44 views

CVE-2005-0645

CVE-2005-0645 describes a cross-site scripting (XSS) vulnerability in CuteNews 1.3.6. The flaw allows an attacker to inject arbitrary HTML, web script, and PHP code via the CLIENT-IP or X-FORWARDED-FOR headers in an HTTP POST to show_news.php. Affected component is show.inc.php in CuteNews 1.3.6....

CVSS 4.3 | AI score 6.2 | EPSS 0.00297
Exploits: 0 | References: 2

Cvelist
added 2005/03/04 5:0 a.m. | 14 views

CVE-2005-0647

admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php...

AI score 7 | EPSS 0.0322
Exploits: 0 | References: 2

Tenable Nessus
added 2005/03/02 12:0 a.m. | 41 views

PHPNews auth.php path Parameter Remote File Inclusion

The remote host is running PHPNews, an open source news application written in PHP. The installed version of PHPNews has a remote file include vulnerability in the script 'auth.php'. By leveraging this flaw, an attacker can cause arbitrary PHP code to be executed on the remote host using the...

CVSS 5 | AI score 5.9 | EPSS 0.04237
Exploits: 1 | References: 3

NVD
added 2005/03/01 5:0 a.m. | 9 views

CVE-2005-0632

PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 and possibly 1.2.3, allows remote attackers to execute arbitrary PHP code via the path parameter...

CVSS 5 | AI score 7.7 | EPSS 0.04237
Exploits: 1 | References: 5

FreeBSD
added 2005/02/28 12:0 a.m. | 23 views

postnuke -- SQL injection vulnerabilities

Two separate SQL injection vulnerabilities have been identified in the PostNuke PHP content management system. An attacker can use this vulnerability to potentially insert executable PHP code into the content management system to view all files within the PHP scope, for instance. Various other SQ...

AI score 7.8
Exploits: 0 | References: 3

Cvelist
added 2005/02/26 5:0 a.m. | 14 views

CVE-2004-1746

Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) catselect or (2) show parameters...

AI score 5.9 | EPSS 0.04969
Exploits: 1 | References: 5