WEB-PHP
index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter.
Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki users via the pagename parameter.
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allow remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.
Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen.
dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters.
phpbb quick-reply.php arbitrary command attempt
external include path
squirrel mail spell-check arbitrary command attempt
Phorum /support/common.php attempt
Phorum /support/common.php access
strings overflow
Mambo uploadimage.php upload php file attempt
Mambo upload.php upload php file attempt
b2 cafelog gm-2-b2.php remote command execution attempt
shoutbox.php directory traversal attempt
BLNews objects.inc.php4 remote command execution attempt
ttCMS header.php remote command execution attempt
autohtml.php directory traversal attempt
ttforum remote command execution attempt
autohtml.php access
ttCMS header.php access
test.php access
BLNews objects.inc.php4 access
Turba status.php access
shoutbox.php access
b2 cafelog gm-2-b2.php access
TextPortal admin.php default password (admin) attempt
TextPortal admin.php default password (12345) attempt
Mambo uploadimage.php access
Mambo upload.php access
phpBB privmsg.php access
p-news.php access
Phorum authentication access
Messagerie supp_membre.php access
php.exe access
Phorum admin access
Phorum read access
Phorum violation access
Phorum code access
phpbb quick-reply.php access
calendar.php access
readmsg.php access
bb_smilies.php access
edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function.
admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy.
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.
The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.
Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.
phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute arbitrary commands via an SMS message containing shell metacharacters.
Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter.
IPS Alert Level
Low
Medium
High
Comprehensive Internet Security ®
2003 SonicWALL, Inc.