825 matches found
Remote file inclusion
PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter...
Oreon lang/index.php file Parameter Remote File Inclusion
The remote host is running Oreon, a web-based network supervision program based on Nagios. The installation of Oreon on the remote host fails to sanitize input to the 'file' parameter of the 'lang/index.php' script before using it to include PHP code. Regardless of PHP's 'register_globals' setting...
Directory traversal
download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability...
CVE-2006-6808
Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php...
DEBIAN-CVE-2006-6808
Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php...
cwmExplorer 1.0 (show_file) Source Code Disclosure Vulnerability
Exploit for unknown platform in category web applications. cwmExplorer 1.0 (show_file) Source Code Disclosure Vulnerability. Title: cwmExplorer 1.0 (show_file) Source Code...
CVE-2006-6419
jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allows remote attackers to include and possibly execute arbitrary local files via the (1) plugin or (2) file parameter. NOTE: The provenance of this information is unknown; the...
CVE-2006-6268
SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif"...
CVE-2006-6028
Directory traversal vulnerability in textview.php in Anton Vlasov DoSePa 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence or absolute file path in the file parameter...
PT-2006-6675 · Dosepa · Dosepa
Name of the Vulnerable Software and Affected Versions: DoSePa version 1.0.4. Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) sequence or absolute file path in the file parameter. Recommendations: For version...
CVE-2006-4081
previewemail.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000...
CVE-2006-3737
Cross-site scripting (XSS) vulnerability in filemanager/filemanager.php in the control panel in SWsoft Plesk 8.0 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the file parameter...
CVE-2006-2437
The CVE-2006-2437 entry concerns Caucho Resin’s viewfile servlet in the Resin documentation package (resin-doc) for versions 3.0.17 and 3.0.18. The available sources in the connected documents describe an arbitrary file disclosure: an unauthenticated remote attacker can obtain the contents of fil...
Directory traversal
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the helpfile parameter...
Coppermine Photo Gallery index.php file Parameter Local File Inclusion
The version of Coppermine Gallery installed on the remote host fails to properly sanitize input to the 'file' parameter of the 'index.php' script before using it in a PHP 'include_once' function. Regardless of PHP's 'register_globals' setting, an unauthenticated attacker may be able to exploit this...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in BlankOL 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file or (2) function parameter...
DEBIAN-CVE-2006-0626
SQL injection vulnerability in spipaccesdoc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in throw.main in Outblaze allows remote attackers to inject arbitrary web script or HTML via the file parameter...