AllMyGuests.txt

AllMyGuests PHP Code Injection vulnerability Product : AllMyGuests Vendor : www.php-resource.net Date : February 14, 2004 Problem : PHP Code Injection Vendor Contacted ? : No Source in /include/info.inc.php -------------------------------------------------------------- $AMGinfoget =...

AllMyVisitors.txt

AllMyVisitors PHP Code Injection vulnerability Product : AllMyVisitors Vendor : www.php-resource.net Date : February 14, 2004 Problem : PHP Code Injection Vendor Contacted ? : No Source in /include/info.inc.php -------------------------------------------------------------- $AMVinfoget =...

PHP Code Injection Vulnerabilities in ezContents 2.0.2 and prior

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP Code Injection Vulnerabilities in ezContents 2.0.2 and prior Summary : ezContents a free open source content management system has been found to be vulnerable to Multiple PHP Code Injection vulnerabilities. They enable a malicious user to access...

phpGedView_v2.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior Summary : phpGedView is an open source system for online viewing Gedcom information family tree and genology information. Multiple PHP Code Injection vulnerabilities exist in the...

gallery -- remote code injection via HTTP_POST_VARS

A web server running Gallery can be exploited for arbitrary PHP code execution through the use of a maliciously crafted URL...

phpGroupWare 0.9.14 - 'Tables_Update.Inc.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/12074/info phpGroupWare is prone to a remote file include vulnerability, potentially allowing the execution of malicious PHP code. This would occur in the context of the affected web server. The tablesupdate.inc.php script contains the following include...

CVE-2004-0030

PHP remote file inclusion vulnerability in 1 functions.php, 2 authenticationindex.php, and 3 configgedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGVBASEDIRECTORY parameter to reference a URL on a remote web server that contains the code...

Mambo Open Source 4.54.6 - mod_mainmenu.php Remote File Inclusion

Mambo Open Source 4.54.6 - modmainmenu.php Remote File Inclusion source: https://www.securityfocus.com/bid/9445/info It has been reported that Mambo Open Source may be prone to a remote file include vulnerability that may allow an attacker to include malicious external files containing arbitrary...

Mambo mod_mainmenu.php mosConfig_absolute_path Parameter Remote File Inclusion

There is a flaw in the installed version of Mambo Open Source that may allow an attacker to execute arbitrary remote PHP code on this host because it fails to sanitize input to the 'mosConfigabsolutepath' of 'modules/modmainmenu.php' before using it to include PHP code from another file. Note tha...

Mambo Open Source 4.5/4.6 - 'mod_mainmenu.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/9445/info It has been reported that Mambo Open Source may be prone to a remote file include vulnerability that may allow an attacker to include malicious external files containing arbitrary PHP code to be executed on a vulnerable system. The issue exists...

Vuln in PHPGEDVIEW 2.61 Multi-Problem

Tittle : Vuln in PHPGEDVIEW 2.61 Lang : PHP Author : Windak Website: www.security.com.vn Version : PHPGEDVIEW 2.61 Multi-Problem Introduction : PHPGEDVIEW is program read projects GEDCOM file default html . Bug : 1 Php code injection : Rick : Hight - Vuln in any files : functions.php,...

CVE-2003-1131

PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attackers to execute arbitrary PHP code by modifying the page parameter to reference a URL on a remote web server that contains the code...

CVE-2003-1256

afflistelangue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the repinclude parameter to reference a URL on a remote web server that contains paralangue.php...

CVE-2003-1241

Cross-site scripting vulnerability XSS in 1 adminindex.php, 2 adminpass.php, 3 adminmodif.php, and 4 adminsuppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via...

myegallery.txt

Product: MyeGallery Versions affected: all /tmp/cmdtemp 2&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp"; $output = obgetcontents; obendclean; printoutput; ? This allows execution of any command on the server with MyeGallery, under the privileges of the Web server usually apache or httpd. 3. Solution...

Remote execution in My_eGallery

Product: MyeGallery Versions affected: all 3.1.1.g Website: http://lottasophie.sourceforge.net/index.php 1. Introduction --------------- MyeGallery is a very nice PostNuke module, which allows users to create and manipulate their own galleries on the web, plus offers various additional features...

Новые уязвимости.

Командой сетевой безопасности LwB Team найдены следующие уязвимости: 1.Произвольный PHP код в Flipper Poll v1.1 URL: http://php.pogoworld.co.uk FILE: poll.php Не проверяется фактическое расположение сценария: config.php , представленного в параметре rootpath . Exploit:...

php.advanced.poll.txt

Informations : °°°°°°°°°°°°° Language : PHP Product : Advanced Poll Version : 2.0.2 Textfile Website : http://www.proxy2.de Problems : - PHP Code Injection - File Include - Phpinfo PHP Code/Location : °°°°°°°°°°°°°°°°°°° comments.php :...

Advanced Poll : PHP Code Injection, File Include, Phpinfo

Informations : °°°°°°°°°°°°° Language : PHP Product : Advanced Poll Version : 2.0.2 Textfile Website : http://www.proxy2.de Problems : - PHP Code Injection - File Include - Phpinfo PHP Code/Location : °°°°°°°°°°°°°°°°°°° comments.php :...

Gallery 1.4 - index.php Remote File Inclusion

Gallery 1.4 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/8814/info It has been reported that Gallery is prone to a remote file include vulnerability in the index.php script file. The problem occurs due to the program failing to verify the location in which it includ...