Command injection

Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupaleval function through a callback parameter to t...

CVE-2007-5416

Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupaleval function through a callback parameter to t...

PicoFlat CMS 0.4.14 - 'index.php' Remote File Inclusion

PicoFlat CMS Remote file inclusion f0und bY 0in download:http://sourceforge.net/project/showfiles.php?groupid=195156&packageid=230351&releaseid=533796 Greetings to:Dark-coders team members: Die-angel,Slim,Umbro Others: Joker186,Kaja,Wojto111,Rade0n And funny n00b-firends: Pucik and Steryd ; FUN B...

CVE-2007-5314

PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter...

Command injection

ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it coul...

CVE-2007-5294

PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0-beta aka Phoenix allows remote attackers to execute arbitrary PHP code via a URL in the siteabsolutepath parameter...

CVE-2007-5178

contrib/mxglancesdesc.php in the mxglance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mxrootpath parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/functions/layout.php in Nexty 1.01.A Beta allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct...

CVE-2007-5167

PHP remote file inclusion vulnerability in .systeme/fonctions.php in phpLister 0.5-pre2 allows remote attackers to execute arbitrary PHP code via a URL in the nomrepsysteme parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/archive/archivetopic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-5114

PHP remote file inclusion vulnerability in include/plugin/block.t.php in Peter Schmidt phpmyProfiler 0.9.6b allows remote attackers to execute arbitrary PHP code via a URL in the pmprelpath parameter. NOTE: this issue is disputed by CVE because the applicable requireonce is in a function that is...

Remote file inclusion

PHP remote file inclusion vulnerability in config.inc.php in Wordsmith 1.0 RC1, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

CVE-2007-5100

Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter to 1 language/langgerman/langadminalbum.php, 2...

Remote file inclusion

PHP remote file inclusion vulnerability in html/modules/extranetprofile/main.php in openEngine 1.9 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the thismodulepath parameter. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a...

XCMS 1.1/1.7 - 'Password' Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/25771/info Xcms is prone to a vulnerability that lets attackers execute arbitrary PHP code because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of...

Remote file inclusion

PHP remote file inclusion vulnerability in language/langgerman/langmainalbum.php in phpBB Plus 1.53, and 1.53a before 20070922, allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-5014

Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in 1 the lvcadmindir parameter to modules/visitors2/admin/view-archiver.inc.php or 2 the lvcincludedir parameter to modules/visitors2/include/menus.inc.php. NOTE: the...

CVE-2007-5009

PHP remote file inclusion vulnerability in language/langgerman/langmainalbum.php in phpBB Plus 1.53, and 1.53a before 20070922, allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-4954

PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic comjoom12pic 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfiglivesite parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic comjoom12pic 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfiglivesite parameter...