Unrestricted file upload

Unrestricted file upload vulnerability in the profiles script in ProfileCMS 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving creation of a profile...

Code injection

Unspecified vulnerability in the Settings component in the administration system in Jeebles Directory 2.9.60 allows remote authenticated administrators to execute arbitrary PHP code via unspecified vectors related to settings.inc.php. NOTE: the provenance of this information is unknown; the detai...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in PHP Image 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the xarg parameter to 1 xargcorner.php, 2 xargcornerbottom.php, and 3 xargcornertop.php...

CVE-2007-5693

Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...

CVE-2007-5693

Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...

TikiWiki < 1.9.8.2 Multiple Scripts Local File Inclusion

The remote host is running TikiWiki, an open source wiki application written in PHP. The version of TikiWiki installed on the remote host fails to sanitize input to the 'errorhandlerfile' and/or 'localphp' parameters before using them to include PHP code. Provided PHP's 'registerglobals' setting ...

Remote file inclusion

PHP remote file inclusion vulnerability in modules/Forums/favorites.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary PHP code via a URL in the nukebbrootpath parameter...

OSI CODES - PHP Live! Remote File Inclusion

Aria-Security Team http://Aria-Security.Net Persian Security Network Source Code: ? / COPYRIGHT OSI CODES - PHP Live! / sessionstart ; $l = "" ; // try to get cookie value first if isset $HTTPCOOKIEVARS'COOKIEPHPLIVESITE' $l = $HTTPCOOKIEVARS'COOKIEPHPLIVESITE' ; if isset $HTTPGETVARS'l' $l =...

CVE-2003-1402

PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the urlhit parameter, a different vulnerability than CVE-2006-5015...

Design/Logic Flaw

Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a 1 UNC share pathname, or a 2 ftps, 3 ssh2.sftp, or 4 ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in PHPBlog 0.1 Alpha allow remote attackers to execute arbitrary PHP code via a URL in the bloglocalpath parameter to 1 includes/functions.php or 2 includes/email.php. NOTE: this issue is disputed by CVE because the identified code is in function...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE because the identified code is in a function that is not accessible via direct reques...

Remote file inclusion

PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in lib/fckeditor/uploadconfig.php in Galmeta Post 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the DDS parameter...

Design/Logic Flaw

Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors...

SiteBar 3.3.8 - &#039;/translator.php?upd/cmd/Action/edit&#039; Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/26126/info SiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. These issues include: - A local file-include vulnerability - Multiple arbitrary-script-code-execution vulnerabilities -...

CVE-2007-5492

Static code injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter...

CVE-2007-5451

PHP remote file inclusion vulnerability in admin.color.php in the comcolorlab aka comcolor 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfiglivesite parameter...

CVE-2007-5416

Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupaleval function through a callback parameter to t...

Command injection

Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupaleval function through a callback parameter to t...