7210 matches found

NVD
added 2007/04/19 10:19 a.m. · 18 views

CVE-2007-2148

Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed...

CVSS 6.5 · AI score 6.9 · EPSS 0.01991
Exploits 0 · References 4
Cvelist
added 2007/04/19 10:0 a.m. · 25 views

CVE-2007-2155

Directory traversal vulnerability in template.php in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the modify parameter in a template action to admin/index.php...

AI score 6.6 · EPSS 0.02853
Exploits 0 · References 5
Cvelist
added 2007/04/19 10:0 a.m. · 30 views

CVE-2007-2148

Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed...

AI score 6.9 · EPSS 0.01991
Exploits 0 · References 4
securityvulns
added 2007/04/19 12:0 a.m. · 64 views

Anthologia 0.5.2 (index.php ads_file) Remote File Inclusion Vulnerability

ANTHOLOGIA 0.5.2
Author : Dj7xpl / Dj7xplatYahoodotcom
Type : Remote File Inclusion Vuln
Download: http://www.dbfweb.com/download/anthologia-last.tgz
Page:...

AI score 2.3
Exploits 0
Packet Storm
added 2007/04/19 12:0 a.m. · 24 views

gizzar-rfi.txt

Gizzar = basePath Remote File Include Vulnerability
Download: http://mesh.dl.sourceforge.net/sourceforge/gizzar/gizzar-03162002.tar.gz
Discover: BorN To K!LL
Bug in: index.php
code:...

AI score 7.4
Exploits 0
Prion
added 2007/04/18 10:19 a.m. · 10 views

Directory traversal

Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme_url parameter to (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php...

CVSS 7.5 · AI score 7.8 · EPSS 0.01831
Exploits 0 · References 8 · Affected Software 1
NVD
added 2007/04/18 10:19 a.m. · 11 views

CVE-2007-2106

Directory traversal vulnerability in index.php in Kai Content Management System K-CMS 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the currenttheme parameter...

CVSS 7.5 · AI score 7.1 · EPSS 0.01464
Exploits 0 · References 3
Prion
added 2007/04/18 10:19 a.m. · 9 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php...

CVSS 7.5 · AI score 8.2 · EPSS 0.0158
Exploits 0 · References 5 · Affected Software 1
CVE
added 2007/04/18 10:0 a.m. · 45 views

CVE-2007-2090

CVE-2007-2090 is a cross-site scripting (XSS) vulnerability in TuMusika Evolution 1.6 that allows injection of arbitrary script/HTML via the msg parameter to index.php. The vulnerability’s CVSS v2 base score is 6.8 (Medium) with partial impact on confidentiality, integrity, and availability, and ...

CVSS 6.8 · AI score 5.7 · EPSS 0.01665
Exploits 0 · References 5 · Affected Software 1
CVE
added 2007/04/18 10:0 a.m. · 42 views

CVE-2007-2104

CVE-2007-2104 affects iXon CMS 0.30. The vulnerability is a directory traversal in the theme_url parameter that allows remote attackers to include and execute arbitrary local files via a .. traversal in (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php. Impact is d...

CVSS 7.5 · AI score 7.3 · EPSS 0.01831
Exploits 0 · References 8 · Affected Software 1
Cvelist
added 2007/04/18 10:0 a.m. · 19 views

CVE-2007-2104

Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme_url parameter to (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php...

AI score 7.3 · EPSS 0.01831
Exploits 0 · References 8
CVE
added 2007/04/18 10:0 a.m. · 53 views

CVE-2007-2084

CVE-2007-2084 affects MobilePublisherphp version 1.1.2 and is described as a PHP remote file inclusion vulnerability in the admin directory. The issue permits an attacker to supply a URL in the auth_method parameter to any of the admin PHP files (index.php, list.php, postreview.php, reindex.php, ...

CVSS 6.8 · AI score 7.6 · EPSS 0.01405
Exploits 0 · References 5 · Affected Software 1
CVE
added 2007/04/18 10:0 a.m. · 41 views

CVE-2007-2105

CVE-2007-2105 affects Monkey CMS 0.0.3. The vulnerability is a directory traversal in admin/index.php that lets an attacker cause local-file inclusion and execution by supplying … in the admin_skin parameter, enabling arbitrary code execution on the server. The NVD entry reports a CVSS v2 base sc...

CVSS 7.5 · AI score 7.1 · EPSS 0.0151
Exploits 0 · References 5 · Affected Software 1
Prion
added 2007/04/18 3:19 a.m. · 15 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abspath parameter to (1) index.php or (2) checkout.php...

CVSS 7.5 · AI score 7.8 · EPSS 0.09423
Exploits 1 · References 6 · Affected Software 1
Cvelist
added 2007/04/18 2:20 a.m. · 30 views

CVE-2007-2082

Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this...

AI score 6.9 · EPSS 0.01152
Exploits 0 · References 4
Positive Technologies
added 2007/04/18 12:0 a.m. · 6 views

PT-2007-3420 · Maian · Maian Weblog

Name of the Vulnerable Software and Affected Versions: Maian Weblog version 3.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the path to folder parameter in the index.php file. However, it's noted that this issue was disputed by a third-party researche...

CVSS 6.8 · AI score 8 · EPSS 0.01714
Exploits 1 · References 8
exploitpack
added 2007/04/17 12:0 a.m. · 6 views

Anthologia 0.5.2 - index.php?ads_file Remote File Inclusion

Anthologia 0.5.2 - index.php?ads_file Remote File Inclusion
ANTHOLOGIA 0.5.2
Author : Dj7xpl / Dj7xplatYahoodotcom
Type : Remote File Inclusion Vuln
Download:...

AI score 0.4
Exploits 0
0day.today
added 2007/04/17 12:0 a.m. · 41 views

Anthologia 0.5.2 (index.php ads_file) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications
Anthologia 0.5.2 index.php ads_file Remote File Inclusion Vulnerability...

AI score 7.1
Exploits 0
seebug.org
added 2007/04/17 12:0 a.m. · 24 views

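SmodBIP Index.PHP SQL Injection Vulnerability

SmodBIP is a PHP-based web application. SmodBIP does not properly filter user-supplied input, so remote attackers can exploit the flaw to perform SQL injection attacks and obtain sensitive information. The problem is that the 'Index.PHP' script does not filter the user-supplied 'id' parameter; submitting malicious SQL code as the parameter data can alter the original SQL logic and expose sensitive information. SmodBIP 1.06 No solution is currently available: http://www.smod.pl/ ? / Author: Kacper Contact: [email protected] Homepage: http://www.rahim.webd.pl/ Irc: irc.milw0rm.com:66...

AI score 7.1
Exploits 0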
Packet Storm
added 2007/04/17 12:0 a.m. · 28 views

sunshop-rfi.txt

sunshop 4 index.php Remote File Include Vulnerability
scripts : SunShop v3.5/4.0
Discovered By : irvian
scripts site : http://www.turnkeywebtools.com/sunshop/
Thanks To : hitamputih nyubicrew patihack specia...

AI score 7.4
Exploits 0