CVE-2006-5386

Summary of CVE-2006-5386: A PHP remote file inclusion in the NuralStorm Webmail project (versions 0.98b and earlier) can allow an attacker to execute arbitrary PHP code. This occurs when register_globals is enabled and an attacker supplies a URL in the DEFAULT_SKIN parameter that is processed by ...

CVE-2006-5386

PHP remote file inclusion vulnerability in process.php in NuralStorm Webmail 0.98b and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DEFAULTSKIN parameter...

NuralStorm Webmail <= 0.98b (process.php) Remote Include Vulnerability

Exploit for unknown platform in category web applications ====================================================================== NuralStorm Webmail = 0.98b process.php Remote Include Vulnerability ======================================================================...

NuralStorm Webmail 0.98b - process.php Remote File Inclusion

NuralStorm Webmail 0.98b - process.php Remote File Inclusion --------------------------------------------------------------------------- NuralStorm Webmail = 0.98b Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn...

NuralStorm Webmail &lt;= 0.98b (process.php) Remote Include Vulnerability

No description provided by source. --------------------------------------------------------------------------- NuralStorm Webmail = 0.98b Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team :...

CVE-2006-0687

process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable...

docmgr_0542_incl_xpl

--------------- DocMGR Results For "".$searchString."" "; $option = null; if defined"USELDAP" if defined"GLOBALADMIN" $option"searchbase" = LDAPBASE; else $option"searchbase" = SEARCHBASE; //create our sear...

CVE-2005-3855

SQL injection vulnerability in process.php in 1-2-3 music store allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter...

CVE-2005-3855

Affected product/component : 1-2-3 music store, process.php .Vulnerability : SQL injection via the AlbumID parameter, allowing remote attackers to execute arbitrary SQL commands.Root cause (as described) : unsafely constructed SQL in the application logic.Impact (per sources) : remote command exe...

CVE-2005-3855

SQL injection vulnerability in process.php in 1-2-3 music store allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter...