SonicWALL Comprehensive Internet Security

WEB-PHP  All Categories


  index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.
  Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki users via the pagename parameter.
  PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
  Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allow remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
  SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.
  Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen.
  dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters.
  phpbb quick-reply.php arbitrary command attempt
  external include path
  squirrel mail spell-check arbitrary command attempt
  Phorum /support/common.php attempt
  Phorum /support/common.php access
  strings overflow
  Mambo uploadimage.php upload php file attempt
  Mambo upload.php upload php file attempt
  b2 cafelog gm-2-b2.php remote command execution attempt
  shoutbox.php directory traversal attempt
  BLNews objects.inc.php4 remote command execution attempt
  ttCMS header.php remote command execution attempt
  autohtml.php directory traversal attempt
  ttforum remote command execution attempt
  autohtml.php access
  ttCMS header.php access
  test.php access
  BLNews objects.inc.php4 access
  Turba status.php access
  shoutbox.php access
  b2 cafelog gm-2-b2.php access
  TextPortal admin.php default password (admin) attempt
  TextPortal admin.php default password (12345) attempt
  Mambo uploadimage.php access
  Mambo upload.php access
  phpBB privmsg.php access
  p-news.php access
  Phorum authentication access
  Messagerie supp_membre.php access
  php.exe access
  Phorum admin access
  Phorum read access
  Phorum violation access
  Phorum code access
  phpbb quick-reply.php access
  calendar.php access
  readmsg.php access
  bb_smilies.php access
  edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function.
  admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy.
  prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.
  The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.
  Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.
  phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute arbitrary commands via an SMS message containing shell metacharacters.
  Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter.



Comprehensive Internet Security ® 2003 SonicWALL, Inc. | Privacy Statement