364 matches found
CVE-2007-4585
Directory traversal vulnerability in activateuser.php in 2532|Gigs 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter...
QuickTicket 1.2 (qti_checkname.php) Local File Inclusion Vulnerability
No description provided by source. QuickTicket v1.2 Local File Inclusion download: http://www.qt-cute.org/download/qti12.zip found by: katatafish vulncode: $strLang = $_GET["lang"]; include("language/$strLang/qtflangreg.inc"); exploit:...
quicktalk-lfi.txt
QuickTalk forum v1.3 Local File Inclusion download: http://www.qt-cute.org/download/qtf13.zip found by: katatafish vulncode: $strLang = $_GET["lang"]; include("language/$strLang/qtflangreg.inc"); exploits:...
Directory traversal
Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter in a register action...
Directory traversal
Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) a lang cookie or (2) the language parameter...
CVE-2007-2050
Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) a lang cookie or (2) the language parameter...
CVE-2007-0559
PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sqllanguage parameter...
DEBIAN-CVE-2006-6943
PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/checklang.php and (b) themes/darkblueorange/layout.inc.php; and via the (1) lang, (2) target, (3) db, (4) goto, (5) table, and (6) tblgroup array arguments to (c) index.php, and the (7) back argument t...
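Jax Petitionbook Language Parameter Multiple Local File Inclusion Vulnerabilities
Jax Petitionbook is a PHP-based web application. Jax Petitionbook does not properly filter user-supplied input, and remote attackers can exploit the vulnerability to view the contents of system files with the privileges of the web process. The problem is that multiple scripts do not filter the user-supplied 'language' parameter; submitting parameter data containing multiple "../" sequences bypasses the web root restriction and exposes the contents of system files with the privileges of the web process. Jax Scripts Jax Petitionbook 3.06 No solution is currently available: http://www.jtr.de/scripting/php/...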
CVE-2007-0050
PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by the developer and a third party, since the variable is set before use. CVE analysis suggests th...
PT-2007-1543 · Openpinboard · Openpinboard
Name of the Vulnerable Software and Affected Versions: OpenPinboard version 2.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the language parameter in index.php. However, it has been disputed by the developer and a third party, as the variable is set...
CVE-2006-4579
CVE-2006-4579 describes a directory traversal vulnerability in The Address Book 1.04e, where the language parameter can be manipulated with ".." to include arbitrary files. The issue arises in users.php and could allow remote attackers to cause file inclusion, with the documented impact: partial ...
CVE-2006-4579
Directory traversal vulnerability in users.php in The Address Book 1.04e allows remote attackers to include arbitrary files via a .. (dot dot) in the language parameter...
CVE-2006-6271
Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) index.php, (2) info.php; and (3) index.php, (4) votanti.php, (5) risultaticonfig.php, (6) modificaband.php, (7) bandeditor.php, and (8) configeditor.php...
CVE-2006-5263
The CVE-2006-5263 issue affects phpMyAgenda 3.1 and earlier, where a directory traversal vulnerability in templates/header.php3 allows remote attackers to include and execute arbitrary local files by passing a .. in the language parameter (example using an Apache log file that contains PHP code)....
CVE-2006-4077
PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo Valvano Comet WebFileManager (CWFM) 0.9.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the Language parameter...
Directory traversal
Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1) language parameter in...
Directory traversal
Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname i...
CVE-2006-0817
CVE-2006-0817 is a directory traversal/remote file inclusion vulnerability in IceWarp Web Mail bundled with Merak/VisNetic Mail Server. The flaw stems from improper sanitization in the language/lang_settings parameters via the securepath function in accounts/inc/include.php and admin/inc/include....