Remote file inclusion

PHP remote file inclusion vulnerability in lib/jpgraph/jpgrapherrhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the issue, if any, may be located in Aditus JpGraph rather than Sandbox. If so, then this should not be treat...

Mini File Host 1.x Arbitrary PHP File Upload Vulnerability

No description provided by source. --------------------------------------------------------- Portal Name: Mini File Host Version: All version Vendor : http://www.galaxyscripts.com Dork: inurl:index.php?page=img Powered By Mini File Host Author : PouyaServer , [email protected] Vulnerability ...

Mini File Host 1.x Arbitrary PHP File Upload Vulnerability

Exploit for unknown platform in category web applications ========================================================== Mini File Host 1.x Arbitrary PHP File Upload Vulnerability ========================================================== --------------------------------------------------------- Port...

CVE-2008-5334

PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter...

GLSA-200812-07 : Mantis: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200812-07 Mantis: Multiple vulnerabilities Multiple issues have been reported in Mantis: EgiX reported that manageprojpage.php does not correctly sanitize the sort parameter before passing it to createfunction in core/utilityapi.p...

Mantis: Multiple vulnerabilities

Background Mantis is a PHP/MySQL/Web based bugtracking system. Description Multiple issues have been reported in Mantis: EgiX reported that manageprojpage.php does not correctly sanitize the sort parameter before passing it to createfunction in core/utilityapi.php CVE-2008-4687. Privileges of...

Remote file inclusion

PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter...

CVE-2008-5173

Unspecified vulnerability in testMaker before 3.0p16 allows remote authenticated users to execute arbitrary PHP code via unspecified attack vectors...

Remote file inclusion

PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConfdirlayouts parameter...

CVE-2008-5071

Multiple eval injection vulnerabilities in itpmestimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the projid parameter...

CVE-2008-5071

The CVE-2008-5071 issue affects Yoxel software (version 1.23beta and earlier) where itpm_estimate.php is vulnerable to multiple eval injection flaws. The underlying cause is eval-based code execution triggered by the proj_id parameter, allowing remote authenticated users to run arbitrary PHP code...

Remote file inclusion

PHP remote file inclusion vulnerability in upload/admin/frontpageright.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter...

CVE-2008-5060

Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to 1 exportbatch.inc.php, 2 runautosuspend.cron.php, and 3 sendemailcache.php in include/scripts/; 4...

CVE-2008-5053

PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader comrssreader 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfiglivesite parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in Admin/ADMPagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter...

CVE-2008-5053

PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader comrssreader 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfiglivesite parameter...

CVE-2008-4811

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ backslash before a dollar-sign character...

CVE-2008-4810

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and 1 a dollar-sign character, aka "php executed in templates;" and 2 a double quoted literal string, aka a "function...

CVE-2008-4769

Directory traversal vulnerability in the getcategorytemplate function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from thi...

CVE-2008-4769

Directory traversal vulnerability in the getcategorytemplate function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from thi...