825 matches found
Design/Logic Flaw
downloadscript.asp in ASP Folder Gallery allows remote attackers to read arbitrary files via a filename in the file parameter...
CVE-2007-3158
downloadscript.asp in ASP Folder Gallery allows remote attackers to read arbitrary files via a filename in the file parameter...
CVE-2007-2368
picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter...
CVE-2007-2368
WebSPELL 4.01.02 (and earlier) is affected in picture.php where the file parameter can be abused to read arbitrary files. Root cause: improper handling of the file parameter allows remote attackers to access files, with no authentication and network-based access. The issue has an NVD CVSS v2 base ...
CVE-2007-2157
CVE-2007-2157 describes a directory traversal vulnerability in the Zomplog 3.8 application, specifically in upload/force_download.php. An attacker can use a dot-dot (..) sequence in the file parameter to read arbitrary files. The NVD entry confirms the issue and lists a high impact potential for ...
CVE-2007-1987
Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pluginfile parameter to smarty/internals/core.loadpulgins.php or the (2) rootpath parameter to index.php. NOTE: CVE disputes (1) because the inclusion occurs...
Design/Logic Flaw
download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter...
CVE-2007-1698
download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter...
iFrame for Phpnuke (iframe.php) Remote File Inclusion Vulnerability
No description provided by source. iFRAME for PhpNuke iframe.php Remote File Include Vulnerabilities. Script: http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=uTRRQnIjG File: iframe.php Dork: "/nuke/iframe.php" Found by & Contact: Cold z3ro,...
PT-2007-2850 · Php · Php Photo Album
Name of the Vulnerable Software and Affected Versions: PHP Photo Album versions prior to 0.3.2.6. Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the db file parameter in the common.php file. It is noted that versions 0.3.2.6 and 0.4.1beta do not contain...
CVE-2007-1393
CVE-2007-1393 describes a PHP remote file inclusion vulnerability in mysave.php of Magic CMS 4.2.747, allowing remote attackers to execute arbitrary PHP code by supplying a URL in the file parameter. The NVD metrics indicate a high-severity, network-accessible flaw with complete impact on confide...
LedgerSMB / SQL-Ledger file Parameter Multiple Vulnerabilities
The remote host is running LedgerSMB or SQL-Ledger, a web-based double-entry accounting system. The version of LedgerSMB or SQL-Ledger on the remote host fails to properly sanitize the 'file' parameter of the 'am.pl' script before using it in various template routines in the 'AM.pm' module. An...
Code injection
inc/filebrowser/browser.php in deV!Lz Clanportal DZCP 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter...
CVE-2007-1167
inc/filebrowser/browser.php in deV!Lz Clanportal DZCP 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter...
EUVD-2007-1164
inc/filebrowser/browser.php in deV!Lz Clanportal DZCP 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter...
phptraffic-lfi.txt
phpTrafficA-1.4.1 Local File Inclusion. phpTrafficA is a GPL statistical tool for web traffic analysis, written in php and mySQL. It can...
DEBIAN-CVE-2007-1049
Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and...
WordPress <= 2.1.0 - XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "file" parameter. Solution: Update WordPress to the latest available version, at least 2.1.1...
PT-2007-1290 · Develooping · Develooping Flash Chat
Name of the Vulnerable Software and Affected Versions: Develooping Flash Chat (affected versions not specified). Description: A remote file inclusion issue in the adminips.php file of Develooping Flash Chat allows remote attackers to execute arbitrary PHP code via a URL in the banned file parameter...