2870 matches found
CVE-2006-6390
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the configdbtype parameter to 1 categories.php, 2 couriers.php, 3...
CVE-2006-6390
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when registerglobals is enabled and magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the configdbtype parameter to 1 categories.php, 2 couriers.php, 3...
CVE-2006-6242
CVE-2006-6242 affects Serendipity 1.0.3 and earlier. The issue is multiple directory traversal/local file inclusion (LFI) flaws triggered by an unsanitized serendipity[charset] parameter, allowing an attacker to read or include arbitrary local files. The basic entry points include include/lang.in...
CVE-2006-6242
Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. dot dot sequence in the serendipitycharset parameter in 1 include/lang.inc.php; or to plugins/ scripts 2...
FreeBSD : kronolith -- arbitrary local file inclusion vulnerability (a8af7d70-8007-11db-b280-0008743bf21a)
iDefense Labs reports : Remote exploitation of a design error in Horde's Kronolith could allow an authenticated web mail user to execute arbitrary PHP code under the security context of the running web server. The vulnerability specifically exists due to a design error in the way it includes...
CVE-2006-5733
Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the PNSVlang PNSV lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then includ...
CVE-2006-5716
CVE-2006-5716 affects FreeNews 2.1. A directory traversal flaw in aff_news.php allows remote attackers to include local files via a ".." sequence in the chemin parameter when aff_news is not set to "1". The vulnerability targets the file handling logic in FreeNews 2.1 and can expose local files t...
CVE-2006-5604
CVE-2006-5604 is a directory traversal vulnerability in phpcards.header.php of phpCards 1.3. It allows remote attackers to include and execute arbitrary local files by supplying a .. (dot dot) in the CardLanguageFile parameter. According to the NVD entry, the impact is partial confidentiality, in...
CVE-2006-5528
Directory traversal vulnerability in mod.php in SchoolAlumni Portal 2.26 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the mod parameter. NOTE: some of these details are obtained from third party information...
CVE-2006-5554
Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. dot dot in the usersettings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is...
CVE-2006-5554
Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. dot dot in the usersettings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is...
CVE-2006-5510
Directory traversal vulnerability in explorerloadlang.php in PH Pexplorer 0.24 allows remote attackers to include arbitrary local files via ".." sequences in the Language cookie, as demonstrated by uploading a .gif file that contains PHP code...
CVE-2006-5510
Directory traversal vulnerability in explorerloadlang.php in PH Pexplorer 0.24 allows remote attackers to include arbitrary local files via ".." sequences in the Language cookie, as demonstrated by uploading a .gif file that contains PHP code...
CVE-2006-5263
Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently...
CVE-2006-5263
The CVE-2006-5263 issue affects phpMyAgenda 3.1 and earlier, where a directory traversal vulnerability in templates/header.php3 allows remote attackers to include and execute arbitrary local files by passing a .. in the language parameter (example using an Apache log file that contains PHP code)....
CVE-2006-5115
Directory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the engine parameter, as demonstrated by uploading a file containing PHP code with an image/jpeg content type, and then referencing this file throug...
CVE-2006-5149
Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the page parameter to shared/help.php or 2 the tab parameter to shared/header.php...
CVE-2006-5115
CVE-2006-5115 describes a directory-traversal in the web app component kgcall.php of KGB 1.87 . An attacker can abuse the engine parameter with a ".." path to trick the app into including and executing arbitrary local files, demonstrated by uploading a PHP-coded image with an image/jpeg content t...
CVE-2006-4767
Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript aka WM-News 0.5beta allow remote attackers to 1 read arbitrary local files via a .. dot dot sequence in the ide parameter in modify.php and 2 write to arbitrary local files via a .. sequence in the var parameter in addgo.php...
CVE-2006-4767
Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript aka WM-News 0.5beta allow remote attackers to 1 read arbitrary local files via a .. dot dot sequence in the ide parameter in modify.php and 2 write to arbitrary local files via a .. sequence in the var parameter in addgo.php...