7187 matches found
PHPGB 1.11.2 - PHP Code Injection
PHPGB 1.11.2 - PHP Code Injection source: https://www.securityfocus.com/bid/5679/info phpGB is subject to a PHP code injection vulnerability. After bypassing authentication it is possible to inject code into the guestbook configuration file config.php by supplying malicious parameters for the...
CVE-2002-0734
b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server...
code injection in gallery
Hi! Code injection in gallery ------------------------------------- What is gallery? The Gallery is actually the best web gallery application around in the world. I'm using it too ;-. Go to http://gallery.sf.net/ to get further information and download this very cool app. remote include problems...
CVE-2000-1166
Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program...
CVE-2002-0206
The CVE-2002-0206 issue affects PHP-Nuke: index.php may include a URL to remote code via the file parameter, enabling remote arbitrary PHP code execution on servers running PHP-Nuke 5.3.1 and earlier (and possibly versions before 5.5). Root cause is PHP’s include() reading a URL without validatin...
CVE-2002-0206
index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter...
XGB 1.2 - Remote Form Field Input Validation
XGB 1.2 - Remote Form Field Input Validation source: https://www.securityfocus.com/bid/4515/info xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. xGB does not sufficiently validate input that is supplied v...
XGB 1.2 - Remote Form Field Input Validation
source: https://www.securityfocus.com/bid/4515/info xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. xGB does not sufficiently validate input that is supplied via form fields. An attacker may, under some...
Code injection in PHPGroupware
It's possible to inject PHP code and to modify SQL query...
PHP code insertion in VikkiTikkiTavi (code execution)
By modifying the URL, it is possible to request that a file from another machine be inserted into the template...
CVE-2001-0475
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter...
CVE-2001-1471
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $lstatsblock in prefs.php or (2) $lprivnotify in auth.php from being properly initialized, which can be modified by the user and later...
phpMyAdmin 2.1.0 + world readable (apache) log files enable remote user to run arbitrary PHP Codes as apache user.
Note: sorry for my pity english. First of all, I want to ask a question: is it normal that if, in a MySQL query -via PHP-, I put "select from $table" . "files where ID=1" and I post table="atable ", MySQL considers the new query as a valid one so the final query will be "select from atable" ? It'...
vBulletin allows arbitrary code execution
OVERVIEW ======== vBulletin http://www.vbulletin.com is a commonly used web forum system written in PHP. One of its key features is use of templates, which allow the board administrator to dynamically modify the look of the board. vBulletin templates are parsed with the eval function. This could ...
Hole in vBulletin (PHP code injection)
PHP code can be inserted into the program...
CVE-2001-1468
PHP remote file inclusion vulnerability in checklogin.php in phpSecurePages 0.24 and earlier allows remote attackers to execute arbitrary PHP code by modifying the cfgProgDir parameter to reference a URL on a remote web server that contains the code...
PHP Code Injection
phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...