EUVD-2007-6164

Malware in sbrugna...

CVE-2024-46506

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...

CVE-2024-46506

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...

Cross-site Scripting (XSS)

moodle/moodle is vulnerable to cross-site scripting.The vulnerability exists due to additional input escaping of lib/phpunit/classes/util.php parameter which allows a remote attacker to inject and execute malicious code into the system...

CVE-2008-0504

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery CPG before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the 1 albumid, 2 startpic, and 3 numpics parameters to util.php; and 4 cidarray parameter to reviewcom.php...

[waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14

waraxe-2008-SA066 - Multiple Vulnerabilities in Coppermine 1.4.14 =============================================================================== Author: Janek Vind "waraxe" Date: 31. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-66.html Target software description:...

Cross site scripting

Cross-site scripting XSS vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter...

CVE-2007-6196

Cross-site scripting XSS vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter...

CVE-2006-6701

Cross-site request forgery CSRF vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG eleme...

PHP-Nuke NukeAI Module 3b - 'util.php' Remote File Inclusion

!/usr/bin/perl +------------------------------------------------------------------------------------------- + nukeai beta3 util.php Remote Code Execution Vulnerability +------------------------------------------------------------------------------------------- + Affected Software .: nukeai beta3 ...

CVE-2006-0587

Affected software. Gallery versions prior to 1.5.2-pl2. Vulnerability. An unspecified issue in util.php allows remote authenticated users to trick an owner into modifying stored album data and possibly execute arbitrary code via a crafted link to a crafted file. Impact. As described, potential ar...

CVE-2006-0313

Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving 1 util.php, 2 userpref.php, 3 user.php, 4 uploadfrm.php, 5 title.php, 6 team.php, 7 stats.php, 8 page.php, 9 org.php, 10 member.php...