register globals software vulnerabilities
vulnerabilities.aspcode.net
Searching register globals software vulnerabilities
Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on a remote web server that contains the code.
Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and 0.9.4, when register_globals is enabled, has unknown impact and attack vectors.
Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter."
prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.
The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.
Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter.
core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.
SQL injection vulnerability in news.php for Utopia News Pro (UNP) 1.1.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary SQL via the newsid parameter.
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.
SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter.
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.
phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.
Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter.
PHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability.
PHP remote file inclusion vulnerability in contrib/forms/evaluation/C_FormEvaluation.class.php in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fileroot] parameter.
PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ZoomStats 1.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[lib][db][path] parameter.
Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_globals is enabled, allows remote attackers to bypass security restrictions and gain guest access.
Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server."
include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php.
Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTicket 1.5.5 and 1.5.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) err and (2) warn parameters. NOTE: the vendor disputes the significance of the issue, stating that "eTicket is not designed to work with register_globals On."
Software vulnerabilities results 1 to 20 of 331