7210 matches found
CVE-2007-2148
Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed...
CVE-2007-2155
Directory traversal vulnerability in template.php in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the modify parameter in a template action to admin/index.php...
Anthologia 0.5.2 (index.php ads_file) Remote File Inclusion Vulnerability
ANTHOLOGIA 0.5.2 Author: Dj7xpl / Dj7xplatYahoodotcom Type: Remote File Inclusion Vuln Download: http://www.dbfweb.com/download/anthologia-last.tgz Page:...
gizzar-rfi.txt
Gizzar = basePath Remote File Include Vulnerability Download: http://mesh.dl.sourceforge.net/sourceforge/gizzar/gizzar-03162002.tar.gz Discover: BorN To K!LL Bug in: index.php code:...
Directory traversal
Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme_url parameter to (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php...
CVE-2007-2106
Directory traversal vulnerability in index.php in Kai Content Management System (K-CMS) 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the currenttheme parameter...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php...
CVE-2007-2090
CVE-2007-2090 is a cross-site scripting (XSS) vulnerability in TuMusika Evolution 1.6 that allows injection of arbitrary script/HTML via the msg parameter to index.php. The vulnerability's CVSS v2 base score is 6.8 (Medium) with partial impact on confidentiality, integrity, and availability, and ...
CVE-2007-2104
CVE-2007-2104 affects iXon CMS 0.30. The vulnerability is a directory traversal in the theme_url parameter that allows remote attackers to include and execute arbitrary local files via a .. traversal in (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php. Impact is d...
CVE-2007-2104
Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme_url parameter to (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php...
CVE-2007-2084
CVE-2007-2084 affects MobilePublisherPHP version 1.1.2 and is described as a PHP remote file inclusion vulnerability in the admin directory. The issue permits an attacker to supply a URL in the auth_method parameter to any of the admin PHP files (index.php, list.php, postreview.php, reindex.php, ...
CVE-2007-2105
CVE-2007-2105 affects Monkey CMS 0.0.3. The vulnerability is a directory traversal in admin/index.php that lets an attacker cause local-file inclusion and execution by supplying … in the admin_skin parameter, enabling arbitrary code execution on the server. The NVD entry reports a CVSS v2 base sc...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abspath parameter to (1) index.php or (2) checkout.php...
CVE-2007-2082
Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this...
PT-2007-3420 · Maian · Maian Weblog
Name of the Vulnerable Software and Affected Versions: Maian Weblog version 3.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the path to folder parameter in the index.php file. However, it's noted that this issue was disputed by a third-party researche...
Anthologia 0.5.2 - index.php?ads_file Remote File Inclusion
Anthologia 0.5.2 - index.php?ads_file Remote File Inclusion ANTHOLOGIA 0.5.2 Author: Dj7xpl / Dj7xplatYahoodotcom Type: Remote File Inclusion Vuln Download:...
Anthologia 0.5.2 (index.php ads_file) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Anthologia 0.5.2 index.php ads_file Remote File Inclusion Vulnerability...
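SmodBIP Index.PHP SQL Injection Vulnerability
SmodBIP is a PHP-based web application. SmodBIP does not properly filter user-supplied input, so a remote attacker can exploit the flaw to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Index.PHP' script does not filter the user-supplied 'id' parameter; submitting malicious SQL code as the parameter data can alter the original SQL logic and yield sensitive information. SmodBIP 1.06 No solution is currently available: http://www.smod.pl/ ? / Author: Kacper Contact: [email protected] Homepage: http://www.rahim.webd.pl/ Irc: irc.milw0rm.com:66...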
sunshop-rfi.txt
sunshop 4 index.php Remote File Include Vulnerability scripts: SunShop v3.5/4.0 Discovered By: irvian scripts site: http://www.turnkeywebtools.com/sunshop/ Thanks To: hitamputih nyubicrew patihack specia...