1624 matches found
CVE-2009-0251
CVE-2009-0251 affects Ryneezy phoSheezy 0.2: static code injection in admin.php allows remote authenticated admins to inject PHP into config/footer via the footer parameter. NOTE: exploitation can be chained via CVE-2009-0250, which may enable unauthenticated access to sensitive config data. The ...
phpList <= 2.10.8 Variable Overwriting
The version of phpList installed on the remote host emulates PHP's 'registerglobals' functionaltiy' insecurely in its 'admin/index.php' script. Provided PHP's 'registerglobals' setting is disabled, an unauthenticated attacker can exploit this issue to overwrite the 'SERVERConfigFile' and...
CVE-2008-5906
Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...
CVE-2009-0103
Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the 1 appspathplug parameter to plugin/gateway/gnokii/init.php, the 2 appspaththemes parameter to plugin/themes/default/init.php, and the 3 appspathlibs parameter ...
CVE-2008-5792
PHP remote file inclusion vulnerability in showjoined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue...
CVE-2008-5789
Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator comfeederator component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the 1 mosConfigabsolutepath parameter to a addtmsp.php, b edittmsp.php and c tmsp.php in includes/tmsp...
CVE-2008-5790
Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions comcompetitions component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the 1 GLOBALSmosConfigabsolutepath parameter to a add.php and b competitions.php in includes/competitions/, and...
Remote file inclusion
PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter...
CVE-2008-5764
PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in lib/jpgraph/jpgrapherrhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the issue, if any, may be located in Aditus JpGraph rather than Sandbox. If so, then this should not be treat...
CVE-2008-5334
PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter...
CVE-2008-5173
Unspecified vulnerability in testMaker before 3.0p16 allows remote authenticated users to execute arbitrary PHP code via unspecified attack vectors...
Remote file inclusion
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConfdirlayouts parameter...
CVE-2008-5071
Multiple eval injection vulnerabilities in itpmestimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the projid parameter...
CVE-2008-5071
The CVE-2008-5071 issue affects Yoxel software (version 1.23beta and earlier) where itpm_estimate.php is vulnerable to multiple eval injection flaws. The underlying cause is eval-based code execution triggered by the proj_id parameter, allowing remote authenticated users to run arbitrary PHP code...
Remote file inclusion
PHP remote file inclusion vulnerability in upload/admin/frontpageright.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter...
CVE-2008-5053
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader comrssreader 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfiglivesite parameter...
CVE-2008-5060
Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to 1 exportbatch.inc.php, 2 runautosuspend.cron.php, and 3 sendemailcache.php in include/scripts/; 4...
Remote file inclusion
PHP remote file inclusion vulnerability in Admin/ADMPagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter...