[Full-disclosure] RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities

The Advisory can be found here: http://www.g-0.org/code/rz2-adv.html Regards, GroundZero Security Research and Software Development http://www.groundzero-security.com Wir widersprechen der Nutzung oder Ubermittlung unserer Daten fur Werbezwecke oder fur die Markt- oder Meinungsforschung § 28 Abs....

CVE-2005-3738

globals.php in Mambo Site Server 4.0.14 and earlier, when registerglobals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfigabsolutepath parameter to content.html.php for remote PHP file inclusion...