6 matches found
EUVD-2007-2229
Malware in sbrugna...
CVE-2006-4526
SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray parameter...
XOOPS Multiple Scripts mydirname Parameter Arbitrary Command Injection
The version of XOOPS installed on the remote host fails to filter user-supplied input to the 'mydirname' parameter of the 'onupdate.php', 'notification.php', and 'oninstall.php' scripts under the application's 'xoops_lib/modules/protector' directory before passing it to PHP 'eval' functions...
PHPAuction Multiple Script include_path Parameter File Inclusion
The remote host is running PHPAuction, a PHP script for building auction websites. The version of PHPAuction installed on the remote host fails to sanitize input to the 'include_path' parameter of several scripts before using it to include PHP code. An unauthenticated, remote attacker can exploit...
Mambo phpBB Component download.php phpbb_root_path Parameter Remote File Inclusion
The remote host is running the phpBB component for Mambo, a web-based bulletin board. The version of the phpBB component for Mambo installed on the remote host fails to sanitize input to the 'phpbb_root_path' parameter of the 'download.php' and other scripts before using it to include PHP code...
Aardvark Topsites CONFIG[path] Parameter Remote File Inclusion
Aardvark Topsites PHP is installed on the remote host. It is an open source toplist management system written in PHP. The application does not sanitize user-supplied input to the 'CONFIG[path]' variable in some PHP files, for example, 'lostpw.php'. This allows an attacker to include arbitrary files,...