CVE-2006-4733

PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system SIPS 0.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the configsipssys parameter. NOTE: the product's documentation recommends placing the...

CVE-2006-4714

PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS aka phpWordPress 3.2 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classifiedpath parameter...

phpbb -- NULL byte injection vulnerability

Secunia reports: ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the "avatarpath" parameter in admin/adminboard.php is not properly sanitised before being used as a configuration variable to store avatar...

RaidenHTTPD SoftParserFileXml Parameter Remote File Inclusion

Binary data 3740.prm...

CVE-2006-4678

PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the NEAbsPath parameter in 1 install.php and 2 migrateNE2toNE3.php...

CVE-2006-4644

PHP remote file inclusion vulnerability in modules/home.module.php in phpFullAnnu 5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the repmod parameter...

CVE-2006-4649

PHP remote file inclusion vulnerability in bpnews.php in BinGo News BP News 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter...

CVE-2006-4629

PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

CVE-2006-4596

PHP remote file inclusion in MyBace Light Skrip, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via the 1 hauptverzeichniss parameter in includes/logincheck.php and the 2 templateback parameter in admin/login/content/userdaten.php...

CVE-2006-4610

PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.11 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via the page parameter...

CVE-2006-4544

Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbbhomepath parameter in files in the modules directory including 1 birstday/birst.php 2 birstday/select.php, 3...

CVE-2006-4548

e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCEimglibinclude image/jpeg parameter in...

CVE-2006-4557

PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has stated that an attacker cannot control the type parameter. As of 20060901, CVE analysis...

e107 ibrowser.php zend_has_del() Function Remote Code Execution

The 'e107handlers/tinymce/plugins/ibrowser/ibrowser.php' script included with the version of e107 installed on the remote host contains a programming flaw that may allow an unauthenticated, remote attacker to execute arbitrary PHP code on the affected host, subject to the privileges of the web...

CVE-2006-4530

Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php...

CVE-2006-4451

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the 1 User-Agent HTTP header in tag.php, which is executed by all.php, and 2 the banned parameter in adminindex.php...

CVE-2006-4451

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the 1 User-Agent HTTP header in tag.php, which is executed by all.php, and 2 the banned parameter in adminindex.php...

CVE-2006-4425

CVE-2006-4425 affects the phpCOIN 1.2.3 package. Multiple remote file inclusion weaknesses allow an unauthenticated, remote attacker to cause code execution by manipulating the _CCFG[_PKG_PATH_INCL] parameter in seven coin_includes scripts (api.php, common.php, core.php, custom.php, db.php, redir...

CVE-2006-4363

PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component comcropimage 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter...

CVE-2006-4373

PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvcincludedir parameter...