CVE-2008-5792

CVE-2008-5792 affects Indiscripts Enthusiast (3.1.4 and possibly earlier). The vulnerability is a PHP remote file inclusion in show_joined.php where an attacker can supply a URL in the path parameter to execute arbitrary PHP code on the server. The issue is also noted as a directory traversal con...

CVE-2008-5792

PHP remote file inclusion vulnerability in showjoined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue...

CVE-2008-5729

CVE-2008-5729 describes multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier. The issues allow remote attackers to inject arbitrary web script or HTML via three vectors: (1) the form and (2) the control parameters to FCKeditor/neditor.php, and (3) the path parameter...

CVE-2008-2783

Multiple cross-site scripting XSS vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to 1 week.php, 2 workweek.php, and 3 day.php; and 4 the horde parameter in the PATHINFO to the...

CVE-2008-2769

PHP remote file inclusion vulnerability in authentication/smf/smf.functions.php in Simple Machines phpRaider 1.0.6 and 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the pConfigauthsmfpath parameter...

CVE-2008-1355

Cross-site scripting XSS vulnerability in index.php in Jeebles Technology Jeebles Directory 2.9.60 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informati...

CVE-2008-1273

CVE-2008-1273 concerns multiple XSS vulnerabilities in imageVue 1.7. The affected functionality is in the upload directory, with vulnerable entry points at popup.php, test/dir2.php, admin/upload.php, and dirxml.php. The underlying issue is that the path parameter is not properly sanitized, enabli...

CVE-2007-6657

PHP remote file inclusion vulnerability in source/includes/loadforum.php in Mihalism Multi Forum Host 3.0.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mfhrootpath parameter...

CVE-2007-6655

PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...

Design/Logic Flaw

showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter...

CVE-2007-6632

showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter...

Directory traversal

Directory traversal vulnerability in index.php in the RSfiles component comrsfiles 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the path parameter in a files.display action...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in Kai Blankenhorn Bitfolge simple and nice index file aka snif 1.5.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 path and 2 download parameters...

CVE-2007-3056

Cross-site scripting XSS vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter...

CVE-2007-3056

Cross-site scripting XSS vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter...

CVE-2007-3056

Cross-site scripting XSS vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the 1 path parameter to view/search/; or the 2 companyname, 3 country, 4 email, 5 firstname, 6 middlename, 7 required, 8 surname, or 9 title parameter to...

CVE-2007-2663

PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the pathlocal parameter to 1 ftp.php, 2 libs/db.php, and 3 libs/ftp.php...