CVE-2008-3769

PHP remote file inclusion vulnerability in admin/createordernew.php in Freeway 1.4.1.171, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includepage parameter...

Sql injection

Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php...

CVE-2008-3764

Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to 1 flatread.php, 2 post.php, 3 processpost.php, 4 processsearch.php, 5 forum.php, 6 processsubscribe.php, 7 read.php, 8...

CVE-2008-3575

PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSgsLanguage parameter, a different vector than CVE-2006-4477 and CVE-2004-0132...

Pligg settemplate.php template Parameter Local File Inclusion

The remote host is running Pligg, an open source content management system. The installed version of Pligg fails to sanitize the 'template' cookie before using it in 'config.php' to include PHP code. An unauthenticated, remote attacker can exploit this issue to view arbitrary files or even execut...

Remote file inclusion

PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter...

Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection

Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection GulfTech Security Research July 30, 2008 Vendor : Pligg LLC URL : http://www.pligg.com/ Version : Pligg alertdocument.cookie; The above example link would display the end users cookie to them. Of course this can also be use...

Remote file inclusion

PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter...

Code injection

SocialEngine SE before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code...

CVE-2008-3183

PHP remote file inclusion vulnerability in ktmlpro/includes/ktedit/toolbar.php in gapicms 9.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dirDepth parameter...

CVE-2008-3093

Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier allows remote authenticated users to upload and execute arbitrary PHP code by placing a .php filename in the UploadAvatar parameter and sending the image/gif content type...

CVE-2008-2981

PHP remote file inclusion vulnerability in admin/templates/templatethumbnail.php in HomePH Design 2.10 RC2, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the thumbtemplate parameter...

CVE-2008-2905

PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the CacheLite package in Mambo 4.6.4 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

CVE-2008-2884

PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information...

CVE-2008-2884

PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/include/lib.module.php in cmsWorks 2.2 RC4, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the modroot parameter...

CVE-2008-2836

PHP remote file inclusion vulnerability in sendreminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter and a 0 value for the noSet parameter, a different vector than CVE-2007-1483...

CVE-2008-2769

PHP remote file inclusion vulnerability in authentication/smf/smf.functions.php in Simple Machines phpRaider 1.0.6 and 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the pConfigauthsmfpath parameter...

CVE-2008-2772

The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks."...