PHP remote file inclusion vulnerability in articles/article.php in Yet Another Community System (YACS) CMS 6.6.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter. Date published...
PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. Date published : 2006-09-01 http://www.securityfocus.com/bid/19775 http://www.securityfocus.com/archive/1/444882/100/0/threaded
Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php. Date published : 2006-09-01 http://www.securityfocus.com/bid/19790 http://www.securityfocus.com/archive/1/444845/100/0/threaded
SQL injection vulnerability in recherchemembre.php in membrepass 1.5. allows remote attackers to execute arbitrary SQL commands via the recherche parameter. Date published : 2006-09-01 http://www.securityfocus.com/bid/19791 http://www.securityfocus.com/archive/1/444845/100/0/threaded
Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php. Date published...
includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks. Date published...
SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter. Date published : 2006-09-01 http://www.securityfocus.com/bid/19782 http://cubecart.com/site/forums/index.php?showtopic=21540
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array. Date published : 2006-09-01 http://www.securityfocus.com/bid/19782 http://cubecart.com/site/forums/index.php?showtopic=21540
Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from...
The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request. Date published...
Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code with root privileges via unspecified vectors. Date published : 2006-09-01 http://www-1.ibm.com/support/docview.wss?uid=isg1IY89045 http://www-1.ibm.com/support/docview.wss?uid=isg1IY89052