Remote file inclusion

PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blogdcpath parameter, which passes fileexists and isdir tests on PHP 5...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to 1 auth/extauth/drivers/mambo.inc.php or 2 auth/extauth/drivers/postnuke.inc.php...

Remote file inclusion

PHP remote file inclusion vulnerability in common-menu.php in Cameron McKay Informium 0.12.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONFlocalpath parameter...

[SA20438] BlueShoes Framework Multiple File Inclusion Vulnerabilities

---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerabilit...

SquirrelMail plugin.php plugins Parameter Local File Inclusion

The version of SquirrelMail installed on the remote web server fails to properly sanitize user-supplied input to the 'plugins' parameter of the 'functions/plugin.php' script before using it in a PHP 'includeonce' function. Provided PHP's 'registerglobals' setting is enabled, an unauthenticated...

Remote file inclusion

PHP remote file inclusion vulnerability in METAjour 2.1, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via the 1 systempath parameter in a large number of files in the a app/edocument/, b app/eproject/, c app/erek/, and d extension/ directories, and the 2...

CVE-2006-2768

METAjour 2.1 contains a PHP remote file inclusion vulnerability exploitable when register_globals is enabled. An attacker can execute arbitrary PHP code via (1) the system_path parameter in files under app/edocument/, app/eproject/, app/erek/, and extension/ directories, and (2) the GLOBALS[syste...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a userinc setting that is used in an...

Remote file inclusion

PHP remote file inclusion vulnerability in blenddata/blendcommon.php in Blend Portal 1.2.0, as used with phpBB when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter. NOTE: This is a similar vulnerability to CVE-2006-2507...

Remote file inclusion

PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in language/langenglish/langactivity.php in Activity MOD Plus Amod 1.1.0, as used with phpBB when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter. NOTE: This is a similar vulnerabili...

Remote file inclusion

PHP remote file inclusion vulnerability in 404.php in open-medium.CMS 0.25 allows remote attackers to execute arbitrary PHP code via a URL in the REDSYSMYPATHTEMPLATES parameter...

Remote file inclusion

PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALSAAINCPATH parameter in 1 cached.php3, 2 cron.php3, 3 discussion.php3, 4 filldisc.php3, 5 filler.php3, 6 fillform.php3, 7 go.php3, 8 hiercons.php3, 9...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIGpeardir parameter...

UBB.threads addpost_newpoll.php thispath Parameter Remote File Inclusion

The version of UBB.threads installed on the remote host fails to sanitize input to the 'thispath' parameter before using it in a PHP include function in the 'addpostnewpoll.php' script. Provided PHP's 'registerglobals' setting is enabled, an unauthenticated attacker may be able to exploit this fl...

Nucleus CMS PLUGINADMIN.php DIR_LIBS Parameter Remote File Inclusion

The remote host is running Nucleus CMS, an open source content management system. The version of Nucleus CMS installed on the remote host fails to sanitize input to the 'DIRLIBS' parameter before using it in a PHP include function in the 'nucleus/libs/PLUGINADMIN.php' script. Provided PHP's...

Remote file inclusion

PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS"CLPath" parameter to 1 reconfig.php and 2 srxclr.php. NOTE: this might be due to a globals overwrite issue...

CVE-2006-2570

PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS"CLPath" parameter to 1 reconfig.php and 2 srxclr.php. NOTE: this might be due to a globals overwrite issue...

newsletter.txt

I found a bug in artmedic Newsletter 4.1 proably even in newer versions which lets an attacker run arbitrary php-code and bypass the password protection. The reason for this is mistake in design. log.php: Usually the log.php is included and $logfile,$logtime and $email are declared in the parent...

CVE-2005-1755

PHP remote file inclusion vulnerability in pollvote.php in PHP Poll Creator 1.01 allows remote attackers to execute arbitrary PHP code via the relativerpfad parameter...