764 matches found
CVE-2006-1105
Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not...
CVE-2006-1105
CVE-2006-1105 affects Pixelpost 1.5 beta 1 and earlier. A direct request to includes/phpinfo.php causes the phpinfo function to reveal configuration information, exposing sensitive server details to remote attackers. The vendor disputes some aspects of the original disclosure, but the available d...
PT-2006-1805 · Dotproject · Dotproject
Name of the Vulnerable Software and Affected Versions: dotProject versions 2.0.1 and earlier. Description: The issue allows remote attackers to obtain sensitive configuration information because certain files, specifically phpinfo.php and check.php, remain accessible under the /docs/ directory aft...
dotproject <= 2.0.1 remote code execution
dotproject <= 2.0.1 remote code execution. Software: dotProject <= 2.0.1. Severity: Arbitrary code execution, Path/Information Disclosure. Risk: High. Author: Robin Verton. Date: Feb. 14 2006. Vendor: dotproject.net contacted. Description: dotProje...
Ubuntu 4.10 / 5.04 / 5.10 : php4, php5 vulnerabilities (USN-232-1)
Eric Romang discovered a local Denial of Service vulnerability in the handling of the 'session.save_path' parameter in PHP's Apache 2.0 module. By setting this parameter to an invalid value in an .htaccess file, a local user could crash the Apache server. (CVE-2005-3319) A Denial of Service flaw was...
Design/Logic Flaw
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the dbid parameter to visitorupload.php, as demonstrated using phpinfo and include function calls...
CVE-2006-0214
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the dbid parameter to visitorupload.php, as demonstrated using phpinfo and include function calls...
Design/Logic Flaw
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP...
DEBIAN-CVE-2006-0147
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP...
CVE-2005-4875
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables...
CVE-2005-4787
Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that "Having this in the co...
PT-2005-5450 · Turnkey Web Tools · Sunshop Shopping Cart
Name of the Vulnerable Software and Affected Versions: Turnkey Web Tools SunShop Shopping Cart (affected versions not specified). Description: The issue allows remote attackers to obtain sensitive information via a phpinfo action to specific API endpoints: "index.php", "admin/index.php", and...
security flaw
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."...
CVE-2005-4173
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function...
CVE-2005-4173
CVE-2005-4173 affects eFiction 1.0, 1.1, and 2.0. The vulnerability allows remote attackers to disclose sensitive information by requesting phpinfo.php, which executes PHP's phpinfo function. The documents do not specify exploitation methods beyond the information disclosure, nor do they provide ...
CVE-2004-2588
Intentional information leak in phpinfo.php in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allows remote attackers to obtain sensitive information such as the configuration of the web server and the PHP application...
CVE-2003-1257
findthenihome.php in E-theni allows remote attackers to obtain sensitive system information via a URL request which executes phpinfo...
Affiliate Network Pro v7.2 SQL Injections, Arbitrary code execution, XSS
Affiliate Network Pro v7.2 SQL Injections, Arbitrary code execution, XSS. Software: Affiliate Network Pro v7.2. Severity: SQL Injections, Arbitrary code execution, XSS. Risk: High. Author: Robin Verton. Date:...