39 matches found
CVE-2019-25503
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue...
EUVD-2000-0059
Malware in sbrugna...
CGA-PHP3-484J-RXFC
Bulletin has no description...
Vtiger CRM File Upload PHP Code Execution Vulnerability
Vtiger CRM is a customer relationship management software that helps businesses become organized, increase sales, improve marketing ROI and provide an enjoyable customer service experience. A file upload PHP code execution vulnerability exists in Vtiger CRM version 7.1.0 prior to Hotfix2. The...
File Upload Vulnerability in Ctrip CMS (XerCMS) at Member Avatar Upload
Ctrip CMS XerCMS is a content management system based on php+mysql, integrating membership, community, guestbook, news and model management. XerCMS has a file upload vulnerability at the member avatar upload. Since the program uses a blacklist filtering mechanism for the filename suffix of the...
PHP3 Physical Path Disclosure via POST Requests
The version of PHP3 running on the remote host will reveal the physical path of a given script when sent an HTTP POST request without a content-type header if it is incorrectly configured. (C) Tenable Network Security, Inc. ...
PHP Nuke 5.0 'user.php' Form Element Substitution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3107/info PHP-Nuke is a website creation/maintenance tool written in PHP3. If a malicious user may substitute arbitrary values for image form elements in the PHP-Nuke User Registration Form by saving the webpage locally as...
Mandrake Linux Security Advisory : mod_php3 (MDKSA-2000:048)
"A problem exists with PHP3 and PHP4 scripts regarding RFC 1867-based file uploads. PHP saves uploaded files in a temporary directory on the server, using a temporary name that is referenced as the variable $FOO where 'FOO' is the name of the file input tag in the submitted form. Many PHP scripts...
Debian Security Advisory DSA 115-1 (php3, php4)
The remote host is missing an update to php3, php4 announced via advisory DSA 115-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ...
Debian Security Advisory DSA 168-1 (PHP3, PHP4)
The remote host is missing an update to PHP3, PHP4 announced via advisory DSA 168-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ...
Debian Security Advisory DSA 669-1 (php3)
The remote host is missing an update to php3 announced via advisory DSA 669-1. OpenVAS Vulnerability Test $Id: deb6691.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 669-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian: Security Advisory (DSA-708-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ...
Debian Security Advisory DSA 115-1 (php3, php4)
The remote host is missing an update to php3, php4 announced via advisory DSA 115-1. OpenVAS Vulnerability Test $Id: deb1151.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 115-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian Security Advisory DSA 708-1 (php3)
The remote host is missing an update to php3 announced via advisory DSA 708-1. OpenVAS Vulnerability Test $Id: deb7081.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 708-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian: Security Advisory (DSA-669-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ...
Debian Security Advisory DSA 168-1 (PHP3, PHP4)
The remote host is missing an update to PHP3, PHP4 announced via advisory DSA 168-1. OpenVAS Vulnerability Test $Id: deb1681.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 168-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
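MySQLNewsEngine Affichearticles.PHP3 Remote File Inclusion Vulnerability
MySQLNewsEngine is a PHP-based web application. MySQLNewsEngine does not properly filter user-submitted input, and a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The problem is that the 'Affichearticles.PHP3' script does not filter the user-submitted 'newsenginedir' parameter; specifying a file on a remote server as the include parameter can lead to arbitrary command execution with the privileges of the web server. MySQLNewsEngine: no solution is currently available: http://www.comscripts.com/jump.php?action=script&id=625...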
DEBIAN-CVE-2006-0519
SPIP 1.8.2-e and earlier and 1.9 Alpha 2 5539 and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message...
PHP3 Physical Path Disclosure Vulnerability
PHP3 will reveal the physical path of the webroot when asked for a non-existent PHP3 file if it is incorrectly configured. SPDX-FileCopyrightText: 2001 Matt Moore Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
PHP3 Physical Path Disclosure Vulnerability
PHP3 will reveal the physical path of the webroot when asked for a non-existent PHP3 file if it is incorrectly configured. Although printing errors to the output is useful for debugging applications, this feature should not be enabled on production servers. OpenVAS Vulnerability Test $Id:...