7187 matches found

CVE
added 2005/02/26 5:0 a.m., 41 views

CVE-2004-1746

The CVE-2004-1746 entry describes a Cross-site scripting (XSS) vulnerability in PHP Code Snippet Library’s index.php, exploitable via the cat_select and show parameters. The underlying issue is inadequate input sanitization in index.php, allowing remote attackers to inject arbitrary JavaScript in...

CVSS 4.3, AI score 5.9, EPSS 0.04969
Exploits: 1, References: 5, Affected Software: 1
Cvelist
added 2005/02/26 5:0 a.m., 15 views

CVE-2004-1734

PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) tcorepath parameter to bugapi.php or (2) tcoredir parameter to relationshipapi.php to reference a URL on a remote web server that contains the code...

AI score 7.6, EPSS 0.01015
Exploits: 1, References: 3
Packet Storm
added 2005/02/26 12:0 a.m., 28 views

vbulletin306.txt

Summary: vbulletin 3.0.6 and below php code injection. Description: vBulletin is a powerful, scalable and fully customizable forums package for your web site. It has been written using the Web's quickest-growing scripting language; PHP, and is complemented with a highly efficient and...

AI score 7.4
Exploits: 0
Packet Storm
added 2005/02/26 12:0 a.m., 29 views

phpMyAdmin261.txt

phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4 Author: Maksymilian Arciemowicz cXIb8O3 Date: 24.2.2005 --- 0.Description --- phpMyAdmin 2.6.1 is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently i...

AI score 7.4
Exploits: 0
Tenable Nessus
added 2005/02/24 12:0 a.m., 64 views

vBulletin misc.php template Parameter PHP Code Injection

The remote version of vBulletin fails to sanitize input to the 'template' parameter of the 'misc.php' script. Provided the 'Add Template Name in HTML Comments' setting in vBulletin is enabled, an unauthenticated attacker may use this flaw to execute arbitrary PHP commands on the remote host...

CVSS 7.5, AI score 6, EPSS 0.80793
Exploits: 3, References: 2
Exploit DB
added 2005/02/24 12:0 a.m., 18 views

phpWebSite 0.x - Image File Processing Arbitrary '.PHP' File Upload

source: https://www.securityfocus.com/bid/12653/info phpWebSite is reported prone to a remote arbitrary PHP file upload vulnerability. The issue presents itself due to a lack of sanitization performed on image files that are uploaded when submitting an announcement. A remote attacker may exploit...

AI score 7
Exploits: 0
securityvulns
added 2005/02/24 12:0 a.m., 37 views

[SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection

Summary: vbulletin 3.0.6 and below php code injection. Description: vBulletin is a powerful, scalable and fully customizable forums package for your web site. It has been written using the Web's quickest-growing scripting language; PHP, and is complemented with a highly efficient and...

AI score 6.9
Exploits: 0
Cvelist
added 2005/02/23 5:0 a.m., 19 views

CVE-2005-0511

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter...

AI score 7.5, EPSS 0.80793
Exploits: 3, References: 4
exploitpack
added 2005/02/22 12:0 a.m., 20 views

vBulletin 3.0.6 - PHP Code Injection

vBulletin 3.0.6 - PHP Code Injection Tested on vBulletin Version 3.0.1 /str0ke http://www.xxx.net/misc.php?do=page&template=$systemid SCAN Associates Security Advisory http://www.scan-associates.net Proof of concept ================ http://site.com/misc.php?do=page&template=$phpinfo milw0rm.com...

AI score 0.2
Exploits: 0
seebug.org
added 2005/02/22 12:0 a.m., 25 views

vBulletin <= 3.0.6 php Code Injection Vulnerability

No description provided by source. Tested on vBulletin Version 3.0.1 /str0ke http://www.xxx.net/misc.php?do=page&template=$systemid SCAN Associates Security Advisory http://www.scan-associates.net Proof of concept ================ http://site.com/misc.php?do=page&template=$phpinfo...

AI score 7.1
Exploits: 0
0day.today
added 2005/02/22 12:0 a.m., 74 views

vBulletin <= 3.0.6 php Code Injection

Exploit for unknown platform in category web applications ===================================== vBulletin = 3.0.6 php Code Injection ===================================== Tested on vBulletin Version 3.0.1 /str0ke http://www.xxx.net/misc.php?do=page&template=$systemid SCAN Associates Security...

AI score 7.1
Exploits: 0
securityvulns
added 2005/02/22 12:0 a.m., 23 views

[Full-Disclosure] : [SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection

Summary: vbulletin 3.0.6 and below php code injection. Description: vBulletin is a powerful, scalable and fully customizable forums package for your web site. It has been written using the Web's quickest-growing scripting language; PHP, and is complemented with a highly efficient and...

AI score 7
Exploits: 0
Exploit DB
added 2005/02/22 12:0 a.m., 33 views

vBulletin 3.0.6 - PHP Code Injection

Tested on vBulletin Version 3.0.1 /str0ke http://www.xxx.net/misc.php?do=page&template=$systemid SCAN Associates Security Advisory http://www.scan-associates.net Proof of concept ================ http://site.com/misc.php?do=page&template=$phpinfo milw0rm.com 2005-02-22...

AI score 7
Exploits: 0
NVD
added 2005/02/21 5:0 a.m., 8 views

CVE-2005-0512

PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfigabsolutepath parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693...

CVSS 7.5, AI score 7.5, EPSS 0.0075
Exploits: 0, References: 2
NVD
added 2005/02/21 5:0 a.m., 13 views

CVE-2005-0511

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter...

CVSS 7.5, AI score 7.5, EPSS 0.80793
Exploits: 3, References: 4
Exploit DB
added 2005/02/21 12:0 a.m., 17 views

PANews 2.0 - PHP Remote Code Execution

source: https://www.securityfocus.com/bid/12611/info PaNews is reported prone to a remote PHP script code execution vulnerability. It is reported that PHP script code may be injected into the PaNews software through the 'showcopy' parameter of the 'adminsetup.php' script. Reports indicate that wh...

AI score 7.4
Exploits: 0
CVE
added 2005/02/20 5:0 a.m., 49 views

CVE-2004-1573

The CVE-2004-1573 entry concerns AJ-Fork 167 where insecure file permissions on users.db.php (set to 777) allow local users to execute arbitrary PHP code and gain administrator privileges. The vulnerability’s impact is (local) arbitrary code execution with full privileges as described; exploitati...

CVSS 7.2, AI score 7.8, EPSS 0.00036
Exploits: 1, References: 5, Affected Software: 2
CVE
added 2005/02/19 5:0 a.m., 48 views

CVE-2004-1505

Technical details (affected product/component/versions/root cause) are not publicly provided in the supplied Connected documents. Monitor for updates to confirm scope, impact, and remediation for CVE-2004-1505.

CVSS 7.5, AI score 7.6, EPSS 0.01288
Exploits: 1, References: 5, Affected Software: 1
securityvulns
added 2005/02/15 12:0 a.m., 27 views

vbulletin 3.0.x PHP code execution

Vulnerable Systems: ---------------- vBulletin version 3.0 up to and including version 3.0.4 Immune systems: ---------------- vBulletin version 3.0.5 vBulletin version 3.0.6 Vulnerable code in forumdisplay.php : if $vboptions'showforumusers' . . . . if $bbuserinfo'userid' . . . . $comma = ', ';...

AI score 1.4
Exploits: 0
Cvelist
added 2005/02/12 5:0 a.m., 11 views

CVE-2004-1423

Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpcrootpath parameter to (1) includes/calendar.ph...

AI score 7.6, EPSS 0.10744
Exploits: 3, References: 12