phpMyNewsletter version 0.6.10 suffers from a remote file inclusion vulnerability in customize.php.
0333f2da914b3e2bd412cdca1fa72c61409478150c888babb33ddd2e0336cfb1PHP Advanced Poll v2.0.2 contains remotely exploitable PHP code injection, file include, and phpinfo vulnerabilities. Exploit URLs and vulnerable code snippets included. Patch and vulnerability details available here.
6008eb83abb995f5d86ca8e6da5d1c3d4e7dd8f7e12ece0b469a3c5301799f86myPHPCalendar version 10192000 Build 1 Beta has information disclosure and file inclusion vulnerabilities that lie in the admin.php, contacts.php, and convert-date.php files.
f56d14d24dbb672d0ed0dc9af5d9067138454aecf329388b20d3cfd8edb2dbecGuppY versions 2.4p3 and below are susceptible to cross site scripting attacks and have a lack of authentication when various data submissions are performed.
638ddd4acfb1768d65554ad49dc68964fd98689e44a4646b73d7ba18355e680bEMML version 1.32, or EternalMart Mailing List Manager, and EMGB version 1.1, or EternalMart Guestbook, are both vulnerable to cross site scripting attacks that allow for remote PHP code execution from another site.
850e833f809c4877c234514fd44139518b0302cac84561137c81c6348bc08e0ePHP Nuke 6.7 is susceptible to allowing arbitrary file upload and execution via the file mailattach.php.
685e128399a15d42c3ea8f47b608c882803d1bd7b26e13a3e5a915ccdbd4fabfmyPHPNuke version 1.8.8_7 performs improper variable sanitizing that will inadvertently allow a remote attacker to upload files from another site to the current site.
3a1d3adb28ded0cb43ab4856777f220e3e957aa1f45290d28d02a1d2cd088a90A cross site scripting vulnerability was found in the 1.3.x and below versions of the NewBB PHP forum.
00d96f7169f7641a97347e52b62e2660900b9502f3e7ee0e9f0830b0edd7b6c5Pmachine version 2.2.1 has a fault Include() routine that allows a remote attacker to supply a malicious URL that in turn can be a script that the webserver will then execute.
3a954f23f36da44d1a53b9c709a5c45c9eee6bf4b1b93f9c0048194f7b4eb754A problem exists in True Galerie v1.0 that allows a remote attacker to obtain administrative access to this utility due to misuse of cookies.
d60704ec2fd8a3caefc2462af52a5c5019ab052febae606e69424fa837d5ec1aPHP Nuke 6.0 has vulnerabilities in the Forums and Private_Messages modules which allow attackers to save forum information and user data to a text file.
7b1313ba497ad7dec8ca3b3a90d79592630c5aa71b940def865f36032997e154PHP Nuke 6.0 is vulnerable to multiple SQL injection attacks that will allow an attacker to access member lists, show users by user ID, show moderators, show administrators, privilege escalation, and more.
fe41573d8793ef04be219cd767b52d76999813cb7aff1ed34330fd4dc79bbdee
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed