1624 matches found
CVE-2007-3309
Unspecified vulnerability in Simple Machines Forum SMF 1.1.2 allows remote attackers to execute arbitrary PHP code during 1 creation or 2 editing of a message...
CVE-2007-3292
Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article...
Unrestricted file upload
Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article...
Remote file inclusion
PHP remote file inclusion vulnerability in templates/2blue/bodyTemplate.php in YourFreeScreamer 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in admin/spaw/spawcontrol.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...
Remote file inclusion
PHP remote file inclusion vulnerability in admin/editor2/spawcontrol.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this may be a duplicate of CVE-2006-4656...
Remote file inclusion
PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and earlier might allow remote attackers to execute arbitrary PHP code via a URL in the FORUMLIB parameter. NOTE: by default, access to the PhpDocumentor directory tree...
CVE-2007-3220
PHP remote file inclusion vulnerability in admin/editor2/spawcontrol.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this may be a duplicate of CVE-2006-4656...
CVE-2007-3221
PHP remote file inclusion vulnerability in admin/spaw/spawcontrol.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...
CVE-2007-3230
PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclasspath parameter...
Unrestricted file upload
Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg...
CVE-2007-3199
Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg...
CVE-2007-3199
Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg...
CVE-2007-3160
PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter...
CVE-2007-3141
PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editorinserttop parameter. NOTE: the editorinsertbottom vector is already covered by CVE-2006-6042...
CVE-2007-3084
PHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter, a different vector than CVE-2006-5441...
Authentication flaw
Pheap 2.0 allows remote attackers to bypass authentication by setting a pheaplogin cookie value to the administrator's username, which can be used to 1 obtain sensitive information, including the administrator password, via settings.php or 2 upload and execute arbitrary PHP code via an updatedoc...
CVE-2007-2985
Pheap 2.0 allows remote attackers to bypass authentication by setting a pheaplogin cookie value to the administrator's username, which can be used to 1 obtain sensitive information, including the administrator password, via settings.php or 2 upload and execute arbitrary PHP code via an updatedoc...
CVE-2007-2986
PHP remote file inclusion vulnerability in lib/livestatus.lib.php in AdminBot MX 9.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter...
CVE-2007-2985
Pheap 2.0 allows remote attackers to bypass authentication by setting a pheaplogin cookie value to the administrator's username, which can be used to 1 obtain sensitive information, including the administrator password, via settings.php or 2 upload and execute arbitrary PHP code via an updatedoc...