Code injection

Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the 1 category and 2 Icon URL fields; or 3 inject arbitrary PHP...

CVE-2009-4115

Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the 1 category and 2 Icon URL fields; or 3 inject arbitrary PHP...

Code injection

Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...

CVE-2009-3814

CVE-2009-3814 describes a static code injection in RunCMS 2M1. The vulnerability allows remote authenticated administrators to execute arbitrary PHP code through the ilter/Banningeature, demonstrated by modifying modules/system/cache/bademails.php via the "Prohibited: Emails" action and other u...

CVE-2009-3814

Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...

CVE-2009-3760

CVE-2009-3760 affects the Citrix XenCenterWeb XenServer Resource Kit sample code: a vulnerability in config/writeconfig.php where the pool1 parameter enables static code injection into include/config.ini.php, allowing remote attackers to inject arbitrary PHP code. Root cause is improper handling ...

CVE-2008-6956

CVE-2008-6956 affects mxCamArchive 2.2 in the admin/admin.php component. It is a static code injection vulnerability that allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, with execution triggered by index.php. The C...

Code injection

Static code injection vulnerability in Sanus|artificium aka Sanusart Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is...

CVE-2008-6934

Static code injection vulnerability in Sanus|artificium aka Sanusart Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is...

CVE-2009-2736

Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action...

CVE-2009-2736

Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action...

CVE-2009-2736

CVE-2009-2736 concerns sun-jester OpenNews 1.0. The vulnerability is a static code injection in admin.php that allows remote authenticated administrators to inject arbitrary PHP code into config.php via the “Overall Width” field in a setconfig action. The issue originates from the admin.php compo...

openSUSE Security Update : phpMyAdmin (phpMyAdmin-711)

This update of phpMyAdmin fixes multiple vulnerabilities : - CVE-2009-1148: directory traversal - CVE-2009-1149: CRLF injection - CVE-2009-1150: cross-site scripting - CVE-2009-1151: static code injection %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks...

CVE-2009-2333

Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the menu parameter to admin/adminmenu.php, and the id parameter to 2 index.php and 3 admin/adminedit.php; and 4 delete arbitrary...

Debian Security Advisory DSA 1824-1 (phpmyadmin)

The remote host is missing an update to phpmyadmin announced via advisory DSA 1824-1. OpenVAS Vulnerability Test $Id: deb18241.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1824-1 phpmyadmin Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Code injection

Static code injection vulnerability in addreg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted 1 url and 2 location parameter...

CVE-2009-2111

Static code injection vulnerability in addreg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted 1 url and 2 location parameter...

CVE-2009-2111

CVE-2009-2111 affects DB Top Sites 1.0, with a vulnerability in the file add_reg.php that allows static code injection . A remote attacker can inject arbitrary PHP code by supplying crafted parameters for the (1) url and (2) location, enabling code execution on the affected system. This is docume...

Mandrake Security Advisory MDVSA-2009:115 (phpMyAdmin)

The remote host is missing an update to phpMyAdmin announced via advisory MDVSA-2009:115. OpenVAS Vulnerability Test $Id: mdksa2009115.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:115 phpMyAdmin Authors: Thomas Reinke Copyright: Copyright c 2009...

Mandrake Security Advisory MDVSA-2009:115 (phpMyAdmin)

The remote host is missing an update to phpMyAdmin announced via advisory MDVSA-2009:115. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...