13 matches found
EUVD-2007-1890
Malware in sbrugna...
Remote file inclusion
PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a mymsroot cookie, a different vector than CVE-2007-0491 and CVE-2006-4630...
CVE-2007-1895
PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a mymsroot cookie, a different vector than CVE-2007-0491 and CVE-2006-4630...
CVE-2007-1896
Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. dot dot and trailing %00 NULL in a mymsroot cookie...
CVE-2007-1896
CVE-2007-1896 is a directory-traversal flaw in Sky GUNNING MySpeach 3.0.7 and earlier, affecting the file chat.php . The root cause is improper handling of a cookie parameter my_ms[root], allowing a attacker to trigger local file inclusion by using a double dot (“..”) path traversal with a traili...
CVE-2007-1895
CVE-2007-1895 describes a PHP remote file inclusion in Sky GUNNING MySpeach (3.0.7 and earlier) when run with PHP 5. An FTP URL placed in the my_ms[root] cookie enables remote attackers to execute arbitrary PHP code. Connected documents corroborate variants of this vulnerability across MySpeach 3...
Remote file inclusion
PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mymsroot parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third party information...
CVE-2007-0491
PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mymsroot parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third party information...
CVE-2007-0491
PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mymsroot parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third party information...
CVE-2007-0491
CVE-2007-0491 is a PHP remote file inclusion vulnerability in Sky GUNNING MySpeach 3.0.6 and earlier, exploitable via a URL in the my_ms[root] parameter of up.php. The issue is a separate vector from CVE-2006-4630 and affects MySpeach components prior to 3.0.6. The connected records confirm relat...
CVE-2006-4630
PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING MySpeach 3.0.2 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mymsroot parameter...
CVE-2006-4630
CVE-2006-4630 describes a PHP remote file inclusion in jscript.php for Sky GUNNING MySpeach 3.0.2 and earlier. When register_globals is enabled, an attacker can cause arbitrary PHP code execution via a URL in the my_ms[root] parameter. Affected versions are 3.0.2 and earlier; impact is remote cod...
EUVD-2006-4618
PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING MySpeach 3.0.2 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mymsroot parameter...