functionsphp software vulnerabilities
vulnerabilities.aspcode.net
Searching functionsphp software vulnerabilities
Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via a website field in a new comment to view.php, which is not properly handled in the comment function in functions.php.
Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT, (3) HTTP_REFERER, and (4) HTTP_HOST HTTP header fields as used in the book_vistor function in includes/functions.php. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.
Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally claimed to be SQL injection, but it is probably resultant from another issue in functions.php.
Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ACID) CMS 1.1.3 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) menu.php, (2) profile.php, (3) users.php, (4) cache_mngt.php, and (5) gallery_functions.php.
Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comment System (MPCS) 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) include.php or (2) functions.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php.
Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of these details are obtained from third party information.
Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/business_functions.php or (2) mods/ui_functions.php.
WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php.
The G/PGP (GPG) Plugin 2.0, and 2.1dev before Tuesday, September 12, 2006, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents of an e-mail message.
Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll Script 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter in (1) poll.php and (2) pollarchive.php. NOTE: a reliable third party states that this issue is resultant from a variable extraction error in functions.php.
Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) account-inbox.php, (2) account-settings.php, and possibly (3) backend/functions.php.
Software vulnerabilities results 1 to 13 of 13