CVE-2008-2772

The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks."...

CVE-2008-2689

PHP remote file inclusion vulnerability in pub/clients.php in BrowserCRM 5.002.00 allows remote attackers to execute arbitrary PHP code via a URL in the bcrmpubroot parameter...

Directory traversal

Multiple PHP remote file inclusion vulnerabilities in Brim formerly Booby 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in 1 barrel/, 2 barry/, 3 mylook/, 4 oerdec/, 5 penguin/, 6 sidebar/, 7 slashdot/, and 8 text-only/ in...

CVE-2008-2638

Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php...

CVE-2008-2480

PHP remote file inclusion vulnerability in plus.php in plusPHP Short URL Multi-User Script 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the pagesdir parameter...

Unrestricted file upload

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard...

WordPress <= 2.5.1 - Unrestricted file upload

Because of this vulnerability, the authenticated administrators can upload and execute arbitrary PHP files via the Upload section. Solution Update WordPress...

CVE-2008-2284

PHP remote file inclusion vulnerability in fusebox5.php in Fusebox 5.5.1 allows remote attackers to execute arbitrary PHP code via a URL in the FUSEBOXAPPLICATIONPATH parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

Remote file inclusion

PHP remote file inclusion vulnerability in example.php in Thomas Gossmann ScorpNews 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter...

CVE-2008-1988

Unrestricted file upload vulnerability in the fileupload function in core/misc.class.php in EncapsGallery 2.0.2 allows remote authenticated administrators to upload and execute arbitrary PHP files by uploading a file with an executable extension, then accessing it via a direct request to the file...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter...

CVE-2008-1893

PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang parameter...

CVE-2008-1866

The CVE-2008-1866 issue affects Blog Pixel Motion (PixelMotion), where admin/modif_config.php does not require admin authentication. This allows remote authenticated users to upload arbitrary PHP scripts inside a ZIP archive, which is written to templateZip/ and then automatically extracted under...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter...

CVE-2008-1776

CVE-2008-1776 is a PHP remote file inclusion vulnerability in PhpBlock A8.4 where an attacker can cause arbitrary PHP code execution via a URL supplied to PATH_TO_CODE in modules/basicfog/basicfogfactory.class.php. Multiple sources (NVD entries and related records) confirm the vulnerable file and...

Unrestricted file upload

Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by 1 image/gif and 2 application/pdf...

CVE-2008-1495

Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by 1 image/gif and 2 application/pdf...

PHP 5.x < 5.2 Multiple Vulnerabilities

According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bndirdefault parameter to 1 adduser.php, 2 createforum.php, 3 createuser.php, 4 deletenotes.php, 5 deleteuser.php, 6 editforum.php, 7 mailusers.php, 8...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote attackers to execute arbitrary PHP code via a URL in the includepath parameter to 1 converter.inc.php, 2 messages.inc.php, and 3 settings.inc.php in includes/...