X-Cart is a commercial web based eCommerce solution written in PHP and MySQL that allows for webmasters to host an online marketplace. Unfortunately an attacker may be able to execute arbitrary php code on an X-Cart installation by overwriting key configuration variables. However, because the vulnerability allows for any variables to be overwritten other attacks such as SQL Injection are probably possible as well.
Claroline is vulnerable to an arbitray file inclusion issue that may allow for remote code execution. The vulnerability is due to an uninitialized array being used to include files. The vulnerable code in claro_init_local.inc.php can be seen below. Unfortunately there is no authentication needed to exploit this issue, thus allowing an attacker to easily include files via the extAuthSource[newUser] variable.
CubeCart is vulnerable to Cross Site Scripting attacks, SQL Injection attacks, and possible remote code execution due to an attacker being able to include arbitrary php code. An uninitialized array is used in an sql query and in the rendered template, thus allowing for cross site scripting attacks.
The PHP Base Library aka PHPLib is a toolkit for PHP developers supporting them in the development of Web applications. The phpLib codebase can be found in a number of applications available today. Unfortunately some of the session emulation code is vulnerable to SQL Injection issues that in a worst case scenario can lead to remote code execution by using UNION and selecting arbitrary php code into an eval call.
SquirrelMail contains a vulnerability that may allow an authenticated user to overwrite important variables used by SquirrelMail, and ultimately read and or write arbitrary files to the system. Due to the nature of the vulnerability though other attacks may be possible. Again the attacker must first be authenticated, but in a real world scenario it usually is not that hard for an attacker to gain access to an email account that has a weak password via a dictionary attack or other methods.
Gallery2, the open source web based photo album organizer is one of the most popular php web applications available today. Gallery2 suffers from a number of vulnerabilities including IP Spoofing via X_FORWARDED_FOR that may allow a malicious user to hide their identity, script injection via the faulty X_FORWARDED_FOR implementation, and also arbitrary file access which could ultimately lead to the deletion of arbitrary files on the webserver.
There is a very serious, easy to exploit remote code execution issue in the phpRPC library. This issue takes place in the file rpc_decoder.php within the decode() function. This function is basically responsible for decoding the incoming XML data into php readable data that can be used by the application.
Mambo is a popular Open Source Content Management System released under the GNU General Public license (GNU GPL). There are a number of security issues in Mambo which allows for SQL Injection, Authentication Bypass, and possible remote code execution via local file inclusion. The easiest to exploit of the issues allows an attacker to login as any user. The only info the attacker has to have is the target username (if no user is specified, the first user from the users table will be selected instead).
LiveUser is a user authentication and permission management framework that is part of php's PEAR Library. LiveUser has many different features, including the ability to remember a user via cookies. Unfortunately there is an issue with how extracted cookie data is handled by the LiveUser library within the remember feature which makes it possible for an attacker to gain access to, and even delete potentially sensitive files on the webserver.
ADOdb is a database abstraction library for php used by a great deal of projects to provide support for a number of well known database api's. ADOdb also comes with various functions to perform routine database related tasks. One of the more useful of these functions is ADOdb's ability to paginate the retrieved database records by using the ADODB_Pager class. However, there are several cross site scripting issues within the ADODB_Pager class that may allow for an attacker to render malicious client side code in the victims browser. An updated version of ADOdb has been released, and users should update their ADOdb library.
Services By CQR