CVE-2010-2341

PHP remote file inclusion vulnerability in system/application/views/public/commentform.php in EZPX Photoblog 1.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the tplbasedir parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in CMS S.Builder 3.7 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in a binnincludepath cookie. NOTE: this can also be leveraged to include and execute arbitrary local files...

Snipe Gallery 'cfg_admin_path' Multiple Remote File Include Vulnerabilities

The host is running Snipe Gallery and is prone to multiple remote file include vulnerabilities. OpenVAS Vulnerability Test $Id: gbsnipegalleryremotefileincludevuln.nasl 5373 2017-02-20 16:27:48Z teissa $ Snipe Gallery 'cfgadminpath' Multiple Remote File Include Vulnerabilities Authors: Sooraj KS...

DDLCMS 2.1 - 'skin' Remote File Inclusion

============================================================== DDLCMS v2.1 skin Remote File Inclusion Vulnerability ============================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ ...

GLSA-201006-13 : Smarty: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201006-13 Smarty: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Smarty: The vendor reported that the modifier.regexreplace.php plug-in contains an input sanitation flaw related to the ASCII NUL characte...

Design/Logic Flaw

bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method...

Open-AudIT include_lang.php language Parameter Traversal Local File Inclusion

The web server hosts Open-AudIT, an open source network auditing application written in PHP. At least one install of Open-AudIT on the remote host fails to sanitize user-supplied input to the 'language' parameter before using it in 'includelang.php' to include PHP code. Regardless of PHP's...

CVE-2010-1546

Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite aka CTools module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to 1 the...

Moodle 1.9.8 Remote File Inclusion

+Title: Moodle 1.9.8+ "libdir" , "dirroot" RFI Vulnerability Exploit +TesTed On: Version 1.9.8+ and Prior +Download: http://download.moodle.org/stable19/ +Discovered by: eidelweiss +Contact: eidelweissatcyberservicesdotcom !Thanks To: exploit-db team , JosS hack0wn , sp3x securityreason , r0073r ...

OpenX banner-edit.php File Upload PHP Code Execution

$Id: openxbanneredit.rb 9247 2010-05-08 03:07:51Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

CVE-2009-4836

Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter...

Sql injection

Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter...

CVE-2009-4836

Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter...

Code injection

lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to nowconnect.php...

PAJAX - Remote Command Execution (Metasploit)

$Id: pajaxremoteexec.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

CVE-2009-4818

Unrestricted file upload vulnerability in upload.php in PHPSimplicity Simplicity oF Upload 1.3.2 allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif...

CVE-2010-1528

PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter...

CVE-2010-1153

PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable...

CVE-2010-1360

CVE-2010-1360 affects FAQEngine 4.24.00. It involves multiple PHP remote file inclusion vulnerabilities that allow an attacker to execute arbitrary PHP code by supplying a URL in the path_faqe parameter to any of 13 PHP entry points (attachs.php, backup.php, badwords.php, categories.php, changepw...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to 1 admin/menu.php and 2 library/lib.menu.php; and the adminroot parameter to 3...