647 matches found
Plume CMS 1.0.3 - manager_path Remote File Inclusion
Plume CMS 1.0.3 - manager_path Remote File Inclusion Vendor: Plume CMS http://plume-cms.net Vuln: Remote File Include Discovered: beford Vulnerable File/Code: ./plume-1.0.3/manager/frontinc/prepend.php: include_once $_PX_config['manager_path'].'/conf/config.php';...
Remote file inclusion
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie...
phpListPro 2.0.1 - 'Language' Remote Code Execution
#!/usr/bin/perl Title: phpListPro <= 2.0.1 Remote Command Execution Exploit URL: http://www.smartisoft.com/ Info: - arbitrary local inclusion - need magic_quotes_gpc=off use IO::Socket; use LWP::Simple; ripped from rgod @apache= "/var/log/httpd/accesslog%00", "/var/log/httpd/errorlog%00",...
[Kurdish Security # 7] Foing Remote File Include Vulnerability [PHPBB]
Kurdish Security Advisory Original Advisory : http://kurdishsecurity.blogspot.com/2006/05/kurdish-security-7-foing-remote-file.html Foing Remote File Include Vulnerability PHPBB : "O History, either we will attribute successes to you or we will count you as never having been lived." Abdullah Ocalan STOP THE MASSACRE IN THE...
Information disclosure
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1910
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1910
This CVE affects S9Y Serendipity 1.0 beta 2, where config.php values stored by the application can be edited to inject and later execute arbitrary PHP code. The underlying issue is PHP code execution triggered by manipulated config.php content, enabling remote code execution with likely impact to...
MyEvent Remote File Execution And XSS Attacking
Website : http://mywebland.com/ Script : MyEvent Version : 1.2 Risk : High Class : Remote Credits : b3g0k,Nistiman,flot,Netqurd etc.. my forget other friends Google look for : = "MyEvent 1.2 " or "/calendar/myevent.php" I. Remote Code Execution This is script to very big high it bug being found...
Remote file inclusion
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath parameter. NOTE: this issue was later reported to affect 2.01 as well...
CVE-2006-1749
CVE-2006-1749 affects phpListPro 2.0 and earlier. The issue is a PHP remote file inclusion vulnerability where input from the returnpath parameter (in config.php and related scripts) can be used to include arbitrary PHP code, enabling code execution on the server. Exploitation is described as pos...
phpListPro <= 2.0 - Remote File Include Vulnerability
phpListPro <= 2.0 - Remote File Include Vulnerability -------------------------------------------------------- Software: phpListPro Version: <=2.00 Type: Remote File Include Vulnerability Date: April, 11th 2006 Vendor: SmartISoft Page: http://smartisoft.com Risk: High Credits:...
Code injection
Direct static code injection vulnerability in QLnews 1.2 allows remote authenticated administrators to execute arbitrary PHP code by modifying config.php...
CVE-2006-1576
Direct static code injection vulnerability in QLnews 1.2 allows remote authenticated administrators to execute arbitrary PHP code by modifying config.php...
CVE-2006-1576
QLnews 1.2 contains a direct static code injection vulnerability that lets remote authenticated administrators execute arbitrary PHP code by modifying config.php. Root cause is injection via config.php; impact across confidentiality, integrity, and availability is implied in CVSS 2.0. No patch is...
CVE-2006-1087
Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before being stored in config.php. NOTE...
CVE-2006-0810
Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection...
FCKEditor 2.0 2.2 - FileManager connector.php Arbitrary File Upload
FCKEditor 2.0 2.2 - FileManager connector.php Arbitrary File Upload a short explanation: if a user can call directly http://target/path/editor/filemanager/browser/default/connectors/php/connector.php he can upload malicious content on a target server, including arbitrary php code, and launch...