Lucene search

161 matches found

Prion
added 2008/09/18 5:59 p.m., 13 views

Sql injection

JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact...

CVSS 7.5, AI score 7.6, EPSS 0.00196
Exploits 0, References 8, Affected Software 1
CVE
added 2008/09/18 5:47 p.m., 46 views

CVE-2008-4105

Affected product: Joomla! 1.5 (before 1.5.7). The issue arises from JRequest::setVar not being sanitized, allowing remote attackers to perform variable injection with unspecified impact. Base CVSS v2.0 score 7.5 (HIGH) with network access, low attack complexity, no authentication required. Remedi...

CVSS 7.5, AI score 7.1, EPSS 0.00196
Exploits 0, References 8, Affected Software 1
Joomla! Vulnerable Extensions List
added 2008/09/07 12:00 a.m., 22 views

[20080901] - Core - JRequest Variable Injection

A flaw in JRequest exists where variables set with JRequest::setVar are not cleaned when fetching the variable at a later point in the request. This can result in variable injection unwanted characters injected into returned data...

AI score 7.2
Exploits 0, Affected Software 1
myhack58
added 2008/04/19 12:00 a.m., 22 views

PHP security: using Register Globals - bug warning - the black bar safety net

Using Register Globals. Perhaps the most controversial change in PHP is that, starting with version 4.2.0, the default value of register_globals in the configuration file went from on to off. Dependence on this option is so prevalent that many people simply don't know it exists and thought PHP was so...

AI score 7.4
Exploits 0
OpenVAS
added 2008/01/17 12:00 a.m., 17 views

Debian: Security Advisory (DSA-642-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.8, AI score 6.7, EPSS 0.01631
Exploits 0, References 3
RedHat Linux
added 2007/10/23 3:56 p.m., 42 views

Moderate: Red Hat Security Advisory: php security update

Updated PHP packages that fix several security issues are now available for Red Hat Application Stack. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. The...

CVSS 7.5, AI score 6.1, EPSS 0.15128
Exploits 2, References 8
seebug.org
added 2007/09/19 12:00 a.m., 15 views

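saforum injection vulnerability

saforum is a saforum forum modified by security researchers in China, but a small flaw in the code may allow administrator privileges to be obtained: \include\common.php line 4149 introduces an unfiltered variable ------cut----------------- if(getenv('HTTP_CLIENT_IP')) $onlineip = getenv('HTTP_CLIENT_IP'); elseif(getenv('HTTP_X_FORWARDED_FOR')) $onlineip = getenv('HTTP_X_FORWARDED_FOR'); elseif(getenv('REMOTE_ADDR')) $onlineip =...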

AI score 7.1
Exploits 0
Tenable Nessus
added 2007/04/19 12:00 a.m., 48 views

Fedora Core 6 : php-5.1.6-3.5.fc6 (2007-415)

This update fixes a number of security issues in PHP. A denial of service flaw was found in the way PHP processed a deeply nested array. A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array. CVE-2007-1285 A flaw was found in the way...

CVSS 7.8, AI score 7.3, EPSS 0.28052
Exploits 3, References 1
NVD
added 2006/09/01 11:04 p.m., 13 views

CVE-2006-4530

Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php...

CVSS 7.5, AI score 7.8, EPSS 0.012
Exploits 0, References 6
Packet Storm
added 2006/07/09 12:00 a.m., 35 views

pearl24.txt

Pearl Products Multiple Remote File Inclusion Discovered By zero Moroccan Security Team Affected softwares: Pearl Forums 2.4 Ngoc Biec 1.4 Pearl For Biz 2.4 Pearl For Mambo 1.6 URL : http://sourceforge.net/projects/pearlforums/ Risk : High Impact: System access ------ PoC...

AI score 7.4
Exploits 0
exploitpack
added 2005/07/29 12:00 a.m., 10 views

Easypx41 - Multiple Variable Injection Vulnerabilities

Easypx41 - Multiple Variable Injection Vulnerabilities source: https://www.securityfocus.com/bid/14421/info Easypx41 is prone to multiple variable injection vulnerabilities. An attacker can manipulate multiple script input variables and bypass access controls to retrieve sensitive and privileged...

AI score 1
Exploits 0
Exploit DB
added 2005/07/29 12:00 a.m., 16 views

Easypx41 - Multiple Variable Injection Vulnerabilities

source: https://www.securityfocus.com/bid/14421/info Easypx41 is prone to multiple variable injection vulnerabilities. An attacker can manipulate multiple script input variables and bypass access controls to retrieve sensitive and privileged information. Information obtained may aid in further...

AI score 7
Exploits 0
Tenable Nessus
added 2005/03/04 12:00 a.m., 28 views

GLSA-200503-07 : phpMyAdmin: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200503-07 phpMyAdmin: Multiple vulnerabilities phpMyAdmin contains several security issues: Maksymilian Arciemowicz has discovered multiple variable injection vulnerabilities that can be exploited through '$cfg' and 'GLOBALS'...

CVSS 5, AI score 5.9, EPSS 0.02795
Exploits 1, References 7
Gentoo Linux
added 2005/03/03 12:00 a.m., 36 views

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description phpMyAdmin contains several security issues: Maksymilian Arciemowicz has discovered multiple variable injection vulnerabilities that can be exploited through...

CVSS 5, AI score 6.7, EPSS 0.02795
Exploits 1
phpMyAdmin
added 2005/02/25 12:00 a.m., 29 views

A variable injection vulnerability was found in phpMyAdmin, that may allow an attacker to conduct Cross-site scripting (XSS) attacks and / or perform remote file inclusion.

PMASA-2005-1 Announcement-ID: PMASA-2005-1 Date: 2005-02-25 Summary A variable injection vulnerability was found in phpMyAdmin, that may allow an attacker to conduct Cross-site scripting (XSS) attacks and / or perform remote file inclusion. Description We received two bug reports by Maksymilian...

CVSS 7.5, AI score 5.9, EPSS 0.01218
Exploits 0, Affected Software 1
Debian
added 2005/01/17 3:21 p.m., 22 views

[SECURITY] [DSA 642-1] New gallery packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 642-1 [email protected] http://www.debian.org/security/ Martin Schulze January 17th, 2005 http://www.debian.org/security/faq -...

CVSS 6.8, AI score 0.3, EPSS 0.01631
Exploits 0
Tenable Nessus
added 2005/01/17 12:00 a.m., 22 views

Debian DSA-642-1 : gallery - several vulnerabilities

Several vulnerabilities have been discovered in gallery, a web-based photo album written in PHP4. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2004-1106 Jim Paris discovered a cross site scripting vulnerability which allows code to be inserted ...

CVSS 6.8, AI score 5.2, EPSS 0.01631
Exploits 0, References 2
OSV
added 2005/01/17 12:00 a.m., 69 views

DSA-642-1 gallery - several

Bulletin has no description...

CVSS 6.8, AI score 6.1, EPSS 0.01631
Exploits 0
Exploit DB
added 2004/01/26 12:00 a.m., 41 views

Gallery 1.3.x/1.4 - Remote Global Variable Injection

source: https://www.securityfocus.com/bid/9490/info It has been reported that Gallery is prone to a vulnerability that may allow a remote attacker to gain unauthorized access by overwriting various values for global variables. The issue occurs due to improper simulation of the behaviour of...

AI score 7.4
Exploits 0
exploitpack
added 2004/01/26 12:00 a.m., 41 views

Gallery 1.3.x/1.4 - Remote Global Variable Injection

Gallery 1.3.x/1.4 - Remote Global Variable Injection source: https://www.securityfocus.com/bid/9490/info It has been reported that Gallery is prone to a vulnerability that may allow a remote attacker to gain unauthorized access by overwriting various values for global variables. The issue occurs d...

AI score 0.3
Exploits 0