7187 matches found
CVE-2002-1466
CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable...
CuteNews Multiple Script cutepath Parameter Arbitrary Command Execution
The version of CuteNews installed on the remote host fails to sanitize input to the 'cutepath' parameter before using it in various scripts to include PHP code. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server...
Nuked-Klan 1.2b Multiple Vulnerabilities
It is possible to execute arbitrary PHP code on the remote host using a flaw in the 'Nuked Klan' package. An attacker may leverage this flaw to leak information about the remote system or even execute arbitrary commands. In addition to this problem, this service is vulnerable to various cross-sit...
GOsa Multiple Script plugin Parameter Remote File Inclusion
The remote web server is hosting GOnicus System Administrator GOsa, a PHP-based administration tool for managing accounts and systems in LDAP databases. The version of GOsa installed on the remote host fails to sanitize user input to the 'plugin' parameter of several scripts before using it to...
PHP code injection in CuteNews
PHP source code injection in CuteNews. Information: Script: CuteNews v0.88. Official site: http://air.langame.net/. PHP Scripts: shownews.php :...
Myguestbook (PHP)
Information: Version: 3.0. Website: http://www.tefonline.net/. Problems: XSS; admin infos recovery; access to admin pages. PHP Code/Location: If pseudo = SCRIPT, e-mail = SCRIPT or message = /textareaSCRIPT SCRIPT will be executed on index.php,...
Cedric Email Reader (PHP)
Version: 0.2; 0.3; 0.4. Website: http://www.isoca.com/. Problems: Include file local, remote. Version: 0.2; 0.3. File: email.php3 (version 0.2); email.php (version 0.3). PHP Code:...
Zorum Portal (PHP)
Version: 3.0; 3.1; 3.2. Website: http://zorum.phpoutsourcing.com/. Problem: Include file. File: include.php. PHP Code: ... include "$gorumDir/generformlibmultipleselection.php";...
vSignup, vAuthenticate (PHP)
Information: Product: vAuthenticate, Version: 2.8. Product: vSignup, Version: 2.1. Website: http://www.beanbug.net. Problem: SQL Injection. PHP Code/Location: chgpwd.php :...
DCP-Portal 5.0.1 - lib.php?Root Remote File Inclusion
source: https://www.securityfocus.com/bid/6525/info DCP-Portal is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously create...
CVE-2002-2128
editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter...
CVE-2002-2130
publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code...
CVE-2002-1707
install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code...
PEEL 1.0b - Remote File Inclusion
source: https://www.securityfocus.com/bid/6496/info PEEL is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. An attacker may exploit this by supplying a path to a maliciously created file, located on an...
WAnewsletter (PHP)
Information: Website: http://www.phpcodeur.net. Versions: 2.0beta - 2.1.0. Problem: Include file. PHP Code/Location: newsletter.php 2.1beta - 2.1.0: if (!empty($HTTP_POST_VARS['action'])) $action =...
Web Server Creator - Web Portal 0.1 (PHP)
Information: Website: http://webcreator.com02.com. Tested version: 0.1. Problem: Include file. PHP Code/Location: news/include/customize.php: <? $langfile = $l; include $l; ?> index.php :...
CVE-2002-1211
Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test.php scripts...
CVE-2002-1113
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code...
MySimpleNews (PHP)
Information: Language: PHP. Tested version: 1. Website: ? Comment: Very simple code. a) Writing PHP code in a PHP file and execution of this code. Problem: users.php: <? $fp=fopen("news.php3","a"); fwrite($fp,"Post Par $LOGIN\n");...
PHPGB 1.1/1.2 - PHP Code Injection
source: https://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the savesettings.php script. The...