Gallery save_photos.php Arbitrary Command Execution

The version of Gallery hosted on the remote web server is affected by an arbitrary command execution vulnerability. This could allow an attacker to execute arbitrary commands on the remote host by uploading a file containing arbitrary PHP code. When the temp directory is web accessible, the...

Mantis Bugtracker Remote PHP Code Execution Vulnerability

--------------------------------------------------------------------------- Mantis Bugtracker Remote PHP Code Execution Vulnerability --------------------------------------------------------------------------- Author: Joxean Koret Date: 08-01-2004 Location: Basque Country...

Coppermine Gallery < 1.1 Beta 2 PHP Code Execution (deprecated)

Binary data 1567.prm...

PHP Code Snippet Library 'index.php' XSS

Binary data 2149.prm...

[UNIX] YaPiG add_comment.php PHP Code Injection

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

CVE-2004-0490

cPanel, when compiling Apache 1.3.29 and PHP with the modphpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPTFILENAME variable to find and execute a script instead of the PATHTRANSLATED variable, which allows local users to execute arbitrary PHP code...

trixbox Dashboard user/index.php langChoice Parameter Local File Inclusion

Binary data 4577.prm...

Serendipity <= 1.0-beta2 Blog Configuration PHP Code Injection

Binary data 3518.prm...

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a popular, web-based MySQL administration tool written in PHP. It allows users to administer a MySQL database from a web-browser. Description Two serious vulnerabilities exist in phpMyAdmin. The first allows any user to alter the server configuration variables including...

phpMyAdmin 2.5.7 - Remote code Injection

phpMyAdmin 2.5.7 - Remote code Injection / phpmy-explt.c written by Nasir Simbolon eagle kecapi com Jakarta, Indonesia June, 10 2004 A phpMyAdmin-2.5.7 exploite program. This is a kind of mysql server wrapper acts like a proxy except that it will sends a fake table name, when client query "SHOW...

php codes injection in phpMyAdmin version 2.5.7.

Software : phpMyAdmin Version : 2.5.7 Vulnerability : php codes injection Problem-Type : remote user phpMyAdmin is web-based mysql administration written in PHP. There is a vulnerability in phpMyAdmin version 2.5.7. This vulnerability would allow remote user to inject php codes to be executed by...

When faking table with specific name, an attacker can make phpMyAdmin to execute arbitrary php code and add custom server configuration.

PMASA-2004-1 Announcement-ID: PMASA-2004-1 Date: 2004-06-29 Summary When faking table with specific name, an attacker can make phpMyAdmin to execute arbitrary php code and add custom server configuration. Description phpMyAdmin used eval function to fill some values and one parameter used there w...

e107 website system 0.6 - email article to a friend Feature Cross-Site Scripting

e107 website system 0.6 - email article to a friend Feature Cross-Site Scripting source: https://www.securityfocus.com/bid/10436/info e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties ...

e107 website system 0.6 - &#039;usersettings.php?avmsg&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/10436/info e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execut...

gemitelv3.txt

--------------------------------------------------------------------------------------------- GEMITEL V 3 build 50 :: include vulnerability URL : http://www.isesam.com/ FORUM : http://www.isesam.com/forums/gemitel/threadopen.shtml Vendor has been contacted. Description : --------------- Gemitel i...

CVE-2004-1820

PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php...

AllMyLinks PHP Code Injection vulnerability

AllMyLinks PHP Code Injection vulnerability Product : AllMyLinks Vendor : www.php-resource.net Date : February 14, 2004 Problem : PHP Code Injection Vendor Contacted ? : No Source in /include/footer.inc.php -------------------------------------------------------------- $AMLfooterget =...

AllMyVisitors PHP Code Injection vulnerability

AllMyVisitors PHP Code Injection vulnerability Product : AllMyVisitors Vendor : www.php-resource.net Date : February 14, 2004 Problem : PHP Code Injection Vendor Contacted ? : No Source in /include/info.inc.php -------------------------------------------------------------- $AMVinfoget =...

AllMyGuests PHP Code Injection vulnerability

AllMyGuests PHP Code Injection vulnerability Product : AllMyGuests Vendor : www.php-resource.net Date : February 14, 2004 Problem : PHP Code Injection Vendor Contacted ? : No Source in /include/info.inc.php -------------------------------------------------------------- $AMGinfoget =...

AllMyLinks.txt

AllMyLinks PHP Code Injection vulnerability Product : AllMyLinks Vendor : www.php-resource.net Date : February 14, 2004 Problem : PHP Code Injection Vendor Contacted ? : No Source in /include/footer.inc.php -------------------------------------------------------------- $AMLfooterget =...