Lucene search

9473 matches found

CVE
added 2007/05/11 5:00 p.m., 43 views

CVE-2007-2624

The CVE-2007-2624 entry concerns All In One Control Panel (AIOCP) before 1.3.016, where a dynamic variable evaluation vulnerability in shared/config/cp_config.php enables remote XSS via the $_SERVER superglobal array. The issue stems from processing user-supplied data in $_SERVER-related variables, a...

CVSS 6.8, AI score 5.9, EPSS 0.01384
Exploits: 0, References: 6, Affected Software: 1

Prion
added 2007/05/11 10:19 a.m., 14 views

Code injection

WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKACONFIG environment variable...

CVSS 8.3, AI score 7.4, EPSS 0.0012
Exploits: 0, References: 4, Affected Software: 1

Tenable Nessus
added 2007/05/10 12:00 a.m., 23 views

Debian DSA-1287-1 : ldap-account-manager - multiple vulnerabilities

Two vulnerabilities have been identified in the version of ldap-account-manager shipped with Debian 3.1 sarge. - CVE-2006-7191 An untrusted PATH vulnerability could allow a local attacker to execute arbitrary code with elevated privileges by providing a malicious rm executable and specifying a PA...

CVSS 7.2, AI score 5.7, EPSS 0.00631
Exploits: 0, References: 6

Cvelist
added 2007/05/09 5:00 p.m., 17 views

CVE-2007-2553

Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable...

AI score 6.5, EPSS 0.00387
Exploits: 1, References: 9

OSV
added 2007/05/07 12:00 a.m., 18 views

DSA-1287-1 ldap-account-manager

Bulletin has no description...

CVSS 7.2, AI score 6.1, EPSS 0.00631
Exploits: 0

seebug.org
added 2007/05/04 12:00 a.m., 366 views

YaPIG 0.95b Remote Code Execution Exploit

No description provided by source. ?php / This module adds a comment file in $giddir . $gid . "" .$phid file Each File will have this format if $SEPARATOR=":"; title:author:date:email:web:message\n if a message contains "\n" character, it will be replaced with "br /" The variables receives by the...

AI score 7.1
Exploits: 0

Prion
added 2007/05/02 12:19 a.m., 13 views

Cross site scripting

Dynamic variable evaluation vulnerability in shared/config/tceconfig.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the...

CVSS 6.8, AI score 6.3, EPSS 0.10846
Exploits: 0, References: 6, Affected Software: 1

seebug.org
added 2007/04/26 12:00 a.m., 25 views

phpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit

No description provided by source. !-- phpMySpace Gold v8.10 - Blind SQL/XPath Injection Exploit Vulnerable Variable: itemid Vulnerable File: modules/news/article.php Vulnerable: phpMySpace Gold v8.10 other versions should also be vulnerable Google d0rk: "Powered by phpMySpace Gold 8.10" John...

AI score 7.1
Exploits: 0

securityvulns
added 2007/04/24 12:00 a.m., 41 views

phpMySpace Gold (v8.10) - Blind SQL/XPath Injection Exploit

!-- phpMySpace Gold v8.10 - Blind SQL/XPath Injection Exploit Vulnerable Variable: itemid Vulnerable File: modules/news/article.php Vulnerable: phpMySpace Gold v8.10 other versions should also be vulnerable Google d0rk: "Powered by phpMySpace Gold 8.10" John Martinelli [email protected]...

AI score 0.4
Exploits: 0

Tenable Nessus
added 2007/04/19 12:00 a.m., 48 views

Fedora Core 6 : php-5.1.6-3.5.fc6 (2007-415)

This update fixes a number of security issues in PHP. A denial of service flaw was found in the way PHP processed a deeply nested array. A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array. (CVE-2007-1285) A flaw was found in the way...

CVSS 7.8, AI score 7.3, EPSS 0.25606
Exploits: 3, References: 1

ATTACKERKB
added 2007/04/16 10:19 p.m., 0 views

CVE-2007-2051

Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable...

CVSS 5, AI score 5.5, EPSS 0.00485
Exploits: 0, References: 4

NVD
added 2007/04/16 10:19 p.m., 9 views

CVE-2007-2051

Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable...

CVSS 5, AI score 6.8, EPSS 0.00485
Exploits: 0, References: 3

Prion
added 2007/04/16 10:19 p.m., 15 views

Buffer overflow

Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable...

CVSS 5, AI score 7.4, EPSS 0.00485
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2007/04/16 10:00 p.m., 16 views

CVE-2007-2051

Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable...

AI score 6.8, EPSS 0.00485
Exploits: 0, References: 3

CVE
added 2007/04/16 9:00 p.m., 49 views

CVE-2007-2036

CVE-2007-2036 refers to a vulnerability in the Cisco Wireless LAN Controller (WLC) where the SNMP implementation (pre-20070419) uses default read-only public and read-write private communities. This allows remote attackers to read and modify SNMP variables, potentially gaining full access to SNMP...

CVSS 10, AI score 6.5, EPSS 0.02478
Exploits: 0, References: 6, Affected Software: 1

RedHat Linux
added 2007/04/16 3:27 p.m., 4 views

security flaw

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines...

CVSS 7.5, AI score 7.2, EPSS 0.06815
Exploits: 1, References: 4

seebug.org
added 2007/04/15 12:00 a.m., 15 views

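CyBoards PHP Lite Default_Header.PHP Remote File Inclusion Vulnerability

CyBoards PHP Lite is a PHP-based web application. CyBoards PHP Lite does not properly filter user-supplied input, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The problem is that the 'DefaultHeader.PHP' script does not filter user-supplied web parameters; specifying a file on a remote server as the include parameter can lead to arbitrary command execution with the privileges of the web server. Cyboards PHP Lite 1.21 No solution is currently available: http://www.gold-sonata.com/index.phtml?content=script/forums&menu=script Coded by bd0rk || SOH-Cr...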

AI score 7.1
Exploits: 0

Packet Storm
added 2007/04/11 12:00 a.m., 33 views

plphp-multi.txt

Infos --------- Date : 2007-04-10 Product : pL-PHP Version : beta 0.9 - Prior version maybe also be affected Vendor : http://sourceforge.net/projects/pl-php/ - http://www.karlcore.com/programming/blog/ Vendor Status : 2007-04-10 - Not Informed! Description : pL-PHP is a ne...

AI score 7.4
Exploits: 0

securityvulns
added 2007/04/11 12:00 a.m., 62 views

pL-PHP beta 0.9 - Multiple Vulnerabilities

"pL-PHP beta 0.9 - MULTIPLE VULNERABILITIES" by Omni 1 Infos --------- Date : 2007-04-10 Product : pL-PHP Version : beta 0.9 - Prior version maybe also be affected Vendor : http://sourceforge.net/projects/pl-php/ - http://www.karlcore.com/programming/blog/...

AI score 0.4
Exploits: 0

0day.today
added 2007/04/10 12:00 a.m., 30 views

pL-PHP beta 0.9 Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications. pL-PHP beta 0.9 Multiple Remote Vulnerabilities. Infos --------- Date : 2007-04-10 Product : pL-PHP Version : beta 0.9 -...

AI score 7.1
Exploits: 0