Remote file inclusion

PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the configrootordner parameter...

CVE-2007-6642

Multiple cross-site request forgery CSRF vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to 1 add a Super Admin, 2 upload an extension containing arbitrary PHP code, and 3 modify the configuration as administrators via unspecified vectors...

CVE-2007-6642

Multiple cross-site request forgery CSRF vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to 1 add a Super Admin, 2 upload an extension containing arbitrary PHP code, and 3 modify the configuration as administrators via unspecified vectors...

Remote file inclusion

PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter...

CVE-2007-6585

PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter...

CVE-2007-6550

form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/frontpageright.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter...

Code injection

Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the 1 username, 2 password, and 3 email parameters when registering a user account, which can be executed by accessing the user's php file for this...

Remote file inclusion

PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the configfsBase parameter, a different vector than CVE-2006-2726...

CVE-2007-6105

Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the 1 languagefile parameter to a comments-display-tpl.php and b addons/separate-comments-mod/my-comments-display-tpl.php and the 2 configcommentsformtpl paramete...

CVE-2007-6082

Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php...

CVE-2007-6057

PHP remote file inclusion vulnerability in index.php in datecomm Social Networking Script aka Myspace Clone Script allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Confixx Professional 3.2.1 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2007-5995

PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter...

Code injection

Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can be exploited by...

Code injection

Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote...

Remote file inclusion

PHP remote file inclusion vulnerability in inc/sigeinit.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYSPATH parameter...

CVE-2007-5780

PHP remote file inclusion vulnerability in pub/pub08comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter...

Unrestricted file upload

Unrestricted file upload vulnerability in the profiles script in ProfileCMS 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving creation of a profile...

Code injection

Unspecified vulnerability in the Settings component in the administration system in Jeebles Directory 2.9.60 allows remote authenticated administrators to execute arbitrary PHP code via unspecified vectors related to settings.inc.php. NOTE: the provenance of this information is unknown; the detai...