The fdctrl_handle_drive_specification_command() function in the code that emulates the Floppy Disk Controller in QEMU does not properly reset the index within a buffer when processing user-controlled data, leading to a heap-based buffer overflow in the QEMU process that runs on the Host system. An attacker running code within a Guest operating system can exploit this vulnerability in order to escape from the QEMU virtual machine and execute arbitrary code on the Host operating system. This vulnerability is also known as VENOM.
Zen Cart is prone to a vulnerability that attackers can leverage to execute arbitrary code. This issue occurs in the 'admin/record_company.php' script. Specifically, the application fails to sufficiently sanitize user-supplied input to the 'frmdt_content' parameter of the 'record_company_image' array.
A Remote Code Execution issue has been found in Zabbix version 1.6.2 and no authentication is required in order to exploit this vulnerability. Magic Quotes must be turned off in order to exploit this vulnerability. NOTE: Magic quotes is no longer supported by PHP starting with PHP 6.0
Input passed to the mydirname parameter in xoops_lib/modules/protector/oninstall.php, xoops_lib/modules/protector/onupdate.php, xoops_lib/modules/protector/notification.php, and xoops_lib/modules/protector/onuninstall.php is not properly sanitised before being used in an eval() statement. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation requires that register_globals is enabled.
Vulnerable code to arbitrary PHP code jnjection (works with magic_quotes_gpc = off) in /includes/converter.inc.php.
A unrestricted file upload vulnerability exists in includes/inline_image_upload.php within AutoSec Tools V-CMS 1.0. This allows remote attackers to execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file in temp.
Traq is vulnerable to an authentication bypass vulnerability, which leads to PHP code injection.
An unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.
The spywall/blocked_file.php script of Symantec Web Gateway allows remote unauthenticated users to upload files with arbitrary extensions. This can be abused by attackers to execute arbitrary PHP code on vulnerable systems.