Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2007-02-27 http://www.securityfocus.com/bid/20458/info http://mamboxchange.com/forum/forum.php?forum_id=7767
SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter. Date published : 2007-02-27 http://www.securityfocus.com/bid/20413 http://mamboxchange.com/forum/forum.php?forum_id=7767
PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is...
PHP remote file inclusion vulnerability in phpbb_security.php in phpBB Security 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the php_root_path parameter. Date published : 2007-02-27 http://www.securityfocus.com/bid/20518 http://www.securityfocus.com/archive/1/448607
SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2007-02-27 http://marc.info/?l=bugtraq&m=116205673106780&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/29863
Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) logon_user.php and (2) update_profile.php. Date published : 2007-02-27 http://sourceforge.net/project/shownotes.php?release_id=462654 http://www.vupen.com/english/advisories/2006/4496
CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string,...
The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter. Date published : 2007-02-27...
Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection,...
Directory traversal vulnerability in index.php in Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to read arbitrary files via ".." sequences in the id parameter. Date published : 2007-02-27 http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048006.html http://www.osvdb.org/28639
Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to bypass authentication and upload arbitrary files via direct requests to (1) adm/photos/images.php and (2) adm/down/files.php. Date published : 2007-02-27 http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048006.html http://www.osvdb.org/28637
Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 allow remote attackers to execute arbitrary PHP code via the Include parameter to (1) Include/lib.inc.php3 and (2) Include/variables.php3. Date published : 2007-02-27 http://www.securityfocus.com/bid/19904 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-10/0338.html
Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter. Date published : 2007-02-27 http://www.securityfocus.com/bid/20161 https://www.exploit-db.com/exploits/2415
Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption[‘pagetype’] variable. Date published...