2592 matches found
PT-2005-3817 · Noah · Noah's Classifieds
Name of the Vulnerable Software and Affected Versions: Noah's classifieds version 1.3 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the rollid parameter in the index.php file. This could potentially lead to unauthorized actions on...
FUD Forum < 2.7.1 PHP code injection vulnerability
Avatar upload in FUD Forum 2.7.1 may be tricked to upload a PHP file. To do so, merge a graphic avatar file with a PHP file. cat foo.png foo.php uploadme.php under Linux/Unix. On win try notepad :...
CVE-2005-2607
The CVE concerns Simplicity oF Upload’s download.php where the language parameter can trigger a local/remote file inclusion (LFI) due to insufficient input sanitization. Affected software is the Simplicity oF Upload PHP script; vulnerability resides in download.php prior to version 1.3.1. Consequ...
Atomic Photo Album 0.x1.0 - Apa_PHPInclude.INC.php Remote File Inclusion
Atomic Photo Album 0.x1.0 - Apa_PHPInclude.INC.php Remote File Inclusion source: https://www.securityfocus.com/bid/14368/info Atomic Photo Album is susceptible to a remote PHP file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An...
CVE-2005-2249
Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability...
CVE-2005-1524
PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter...
CVE-2005-1996
PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter...
PT-2005-2851 · Flatnuke · Flatnuke
Name of the Vulnerable Software and Affected Versions: FlatNuke version 2.5.3 Description: A direct code injection issue allows remote attackers to execute arbitrary PHP code by placing the code into the referer header of an HTTP request. This causes the code to be injected into referer.php, whic...
Vortex Portal 2.0 - content.php?act Remote File Inclusion
Vortex Portal 2.0 - content.php?act Remote File Inclusion source: https://www.securityfocus.com/bid/12878/info Vortex Portal is reportedly affected by a remote PHP file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. It is...
CitrusDB 0.3.6 - Arbitrary Local PHP File Inclusion
source: https://www.securityfocus.com/bid/12564/info CitrusDB is reportedly affected by a vulnerability that permits the inclusion of any local PHP file. This issue is due to the application failing to properly sanitize user-supplied input. This issue is reported to affect CitrusDB 0.3.6; earlier...
GLSA-200501-39 : SquirrelMail: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200501-39 SquirrelMail: Multiple vulnerabilities SquirrelMail fails to properly sanitize certain strings when decoding specially crafted strings, which can lead to PHP file inclusion and XSS. Insufficient checking of incoming URLs...
CVE-2004-1448
Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code...
SquirrelMail: Multiple vulnerabilities
Background: SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP and can optionally be installed with SQL support. Description: SquirrelMail fails to properly sanitize certain strings when decoding specially-crafted strings, which can lead to PHP file inclusion and XSS...
CVE-2004-2255
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename...
e107 include() Remote Exploit
Exploit for unknown platform in category web applications. e107 include Remote Exploit. -= e107 remote sploit =- by sysbug. Attack method: with this sploit u can send an...
CVE-2004-0613
osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory...
phpPOC.txt
PHP File Upload Vulnerability POC Title: Overwrite $_FILES array in rfc1867 - Mime multipart/form-data File Upload Author: Stefano Di Paola Affected: Php "; if (is_uploaded_file($_FILES['userfile']['tmp_name']) && move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) print "File is valid, and was successfull...