
101 matches found

Prion
added 2007/01/30 6:28 p.m., 11 views

Buffer overflow

Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/commonactions.php, via vectors associated with extract operations on th...

CVSS 7.5, AI score 7.2, EPSS 0.00888
Exploits 1, References 4, Affected Software 1

Cvelist
added 2007/01/30 6:0 p.m., 15 views

CVE-2007-0599

Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/commonactions.php, via vectors associated with extract operations on th...

AI score 6.7, EPSS 0.00888
Exploits 1, References 4

CVE
added 2006/12/20 11:0 p.m., 45 views

CVE-2006-6661

This CVE affects PHP-Update (blog.php)

CVSS 7.5, AI score 7.4, EPSS 0.03263
Exploits 0, References 3, Affected Software 1

CVE
added 2006/09/19 9:0 p.m., 37 views

CVE-2006-4877

The CVE-2006-4877 entry concerns David Bennett PHP-Post (PHPp) 1.0 and earlier, where a variable overwrite vulnerability exists due to the use of PHP extract in multiple vectors. The affected components are the PHPp pages index.php, profile.php, and header.php, with the demonstrated vector involv...

CVSS 5, AI score 7.1, EPSS 0.12619
Exploits 0, References 8, Affected Software 1

Cvelist
added 2006/09/19 9:0 p.m., 15 views

CVE-2006-4877

Variable overwrite vulnerability in David Bennett PHP-Post PHPp 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the tableprefix parameter in 1 index.php, 2 profile.php, and 3 header.php...

AI score 6.7, EPSS 0.12619
Exploits 0, References 8

NVD
added 2006/08/11 9:4 p.m., 13 views

CVE-2006-4019

Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users...

CVSS 6.4, AI score 6.5, EPSS 0.28114
Exploits 4, References 29

CVE
added 2006/07/21 9:0 p.m., 40 views

CVE-2006-3798

DeluxeBB 1.07 and earlier exposes a vulnerability where a remote attacker can set the COOKIE data to overwrite the internal variables _GET, _POST, _ENV, and _SERVER during an extract function call, resulting in pollution of the global namespace and potentially multiple security vulnerabilities. A...

CVSS 5, AI score 7.2, EPSS 0.00392
Exploits 0, References 4, Affected Software 1

CVE
added 2006/06/05 8:0 p.m., 40 views

CVE-2006-2828

CVE-2006-2828 is a vulnerability in PHP-Nuke where a global variable overwrite allows remote PHP file inclusion by a modified phpbb_root_path parameter to multiple admin scripts (index.php, admin_ug_auth.php, admin_board.php, admin_disallow.php, admin_forumauth.php, admin_groups.php, admin_ranks....

CVSS 6.4, AI score 6.7, EPSS 0.03198
Exploits 0, References 5, Affected Software 1

Tenable Nessus
added 2006/05/23 12:0 a.m., 45 views

XOOPS xoopsConfig Parameter Variable Overwrite Local File Inclusion

The version of XOOPS installed on the remote host allows an unauthenticated attacker to skip processing of the application's 'include/common.php' script and thereby to gain control of the variables '$xoopsConfiglanguage' and '$xoopsConfigthemeset', which are used by various scripts to include PHP...

CVSS 5.1, AI score 6.2, EPSS 0.05235
Exploits 1, References 2

Prion
added 2006/05/19 11:2 p.m., 10 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIGmainpath parameter in 1 functions.php, 2 template.php, 3 news.php, 4 help.php, 5 mail.php, 6 Admin/admincats.php, 8 Admin/adminedit.php, 9...

CVSS 7.5, AI score 8.1, EPSS 0.17062
Exploits 1, References 9, Affected Software 1

Cvelist
added 2006/05/19 11:0 p.m., 12 views

CVE-2006-2487

Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIGmainpath parameter in 1 functions.php, 2 template.php, 3 news.php, 4 help.php, 5 mail.php, 6 Admin/admincats.php, 8 Admin/adminedit.php, 9...

AI score 7.6, EPSS 0.17062
Exploits 1, References 9

Prion
added 2006/04/20 6:6 p.m., 10 views

Design/Logic Flaw

DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive information via an invalid 1 fcategoryid parameter to topics.php or 2 unavariabile, 3 GLOBALS, or 4 SERVER parameters to script.php. NOTE: this information leak might be resultant from a global variable overwrite issue...

CVSS 5, AI score 6.7, EPSS 0.00391
Exploits 0, References 3, Affected Software 1

NVD
added 2006/04/20 6:6 p.m., 7 views

CVE-2006-1914

DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive information via an invalid 1 fcategoryid parameter to topics.php or 2 unavariabile, 3 GLOBALS, or 4 SERVER parameters to script.php. NOTE: this information leak might be resultant from a global variable overwrite issue...

CVSS 5, AI score 6.2, EPSS 0.00391
Exploits 0, References 3

NVD
added 2005/12/08 1:3 a.m., 16 views

CVE-2005-4079

The registerglobals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the importblacklist variable in grabglobals.php, which can then be used to overwrite other variables...

CVSS 5, AI score 6.6, EPSS 0.01613
Exploits 1, References 13

securityvulns
added 2005/12/08 12:0 a.m., 26 views

Advisory 25/2005: phpMyAdmin Variables Overwrite Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: phpMyAdmin Variable Overwrite Vulnerability Release Date: 2005/12/07 Last Modified: 2005/12/07 Author: Stefan Esser [email protected] Application: phpMyAdmin 2.7.0-rc1...

Exploits 0

Tenable Nessus
added 2005/12/07 12:0 a.m., 13 views

phpMyAdmin < 2.7.0-pl1 Global Variable Overwrite

Binary data 3319.prm...

CVSS 5, AI score 7.3, EPSS 0.01613
Exploits 1, References 2

Cvelist
added 2005/11/22 11:0 a.m., 17 views

CVE-2005-3738

globals.php in Mambo Site Server 4.0.14 and earlier, when registerglobals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfigabsolutepath parameter to content.html.php for remote PHP file inclusion...

AI score 6.7, EPSS 0.05487
Exploits 1, References 9

exploitpack
added 2005/10/31 12:0 a.m., 28 views

PHP 4.x5.0.x - Arbitrary File Upload GLOBAL Variable Overwrite

PHP 4.x5.0.x - Arbitrary File Upload GLOBAL Variable Overwrite source: https://www.securityfocus.com/bid/15250/info PHP is prone to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests. By exploiting this issue, remote attackers may be able to overwrite th...

AI score 0.7
Exploits 0

Tenable Nessus
added 2004/08/18 12:0 a.m., 11 views

MyBB < 1.1.1 Multiple Script Variable Overwrite

Binary data 3519.prm...

CVSS 5.8, AI score 7.3, EPSS 0.00898
Exploits 0, References 3

Exploit DB
added 2000/10/12 12:0 a.m., 23 views

XFree86 3.3.5/3.3.6 - Xlib Display Buffer Overflow

source: https://www.securityfocus.com/bid/1805/info A vulnerability exists in xlib, the C language interface to the X Window System protocol. When applications linked to the xlib library are run, user-supplied values for the DISPLAY environment variable and the command-line argument -display are...

AI score 7.4
Exploits 0