Directory traversal

Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails...

CVE-2006-1791

Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails...

CVE-2006-1791

Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails...

CVE-2006-1777

Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache errorlog file, which...

Directory traversal

Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the 1 GLOBALSdatabasemodule or 2 GLOBALSlanguagemodule parameters, which overwrite the underlying $GLOBALS variable...

CVE-2006-1746

The CVE-2006-1746 issue affects phpList <= 2.10.2, where the index.php’s database_module (and language_module) handling allows Local File Inclusion by overwriting $GLOBALS via user-supplied GLOBALS[database_module]/GLOBALS[language_module]. The root cause is inadequate input sanitization and, ...

Code injection

index.php in Shopweezle 2.0 allows remote attackers to include arbitrary local files via the url parameter...

Code injection

Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier allows remote attackers to include arbitrary local files via 1 the lang parameter in news.php and 2 other unspecified vectors...

CVE-2006-1684

CVE-2006-1684 affects ecotwo Shopsystem 1.0-192 and earlier. The vulnerability allows remote attackers to include arbitrary local files via the lang parameter in news.php and other unspecified vectors, enabling local file inclusion. The NVD entry lists a (Network) attack vector with low complexit...

CVE-2006-1684

Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier allows remote attackers to include arbitrary local files via 1 the lang parameter in news.php and 2 other unspecified vectors...

Solaris Sun Cluster SunPlex Manager privilege escalation

User with solaris.cluster.gui authorization can access any local files...

Directory traversal

Directory traversal vulnerability in 1 initiate.php and 2 possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as...

CVE-2006-1478

CVE-2006-1478 affects Turnkey Web Tools PHP Live Helper 1.8 (and possibly later versions). The vulnerability is a directory traversal in (1) initiate.php and possibly other PHP scripts, allowing remote authenticated users to include and execute arbitrary local files. The attack relies on crafted ...

Directory traversal

Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a langfile parameter, as demonstrated by injecting PHP sequences into an Apache accesslog file...

CVE-2006-1346

Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a langfile parameter, as demonstrated by injecting PHP sequences into an Apache accesslog file...

Directory traversal

Directory traversal vulnerability in install05.php in Simple PHP Blog SPB 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL %00 character in the bloglanguage parameter, as demonstrated by injecting PHP sequences in...

CVE-2006-1243

Directory traversal vulnerability in install05.php in Simple PHP Blog SPB 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL %00 character in the bloglanguage parameter, as demonstrated by injecting PHP sequences in...

CVE-2006-1031

config/configinc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SGHOME parameter...

CVE-2006-0388

Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources...

Directory traversal

Directory traversal vulnerability in include.php in Noah's Classifieds 1.3 allows remote attackers to include arbitrary local files via the otherTemplate parameter to index.php...