CVE-2007-5314

PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter...

Command injection

ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it coul...

CVE-2007-5294

PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0-beta aka Phoenix allows remote attackers to execute arbitrary PHP code via a URL in the siteabsolutepath parameter...

CVE-2007-5178

contrib/mxglancesdesc.php in the mxglance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mxrootpath parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/functions/layout.php in Nexty 1.01.A Beta allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct...

CVE-2007-5167

PHP remote file inclusion vulnerability in .systeme/fonctions.php in phpLister 0.5-pre2 allows remote attackers to execute arbitrary PHP code via a URL in the nomrepsysteme parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/archive/archivetopic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-5114

PHP remote file inclusion vulnerability in include/plugin/block.t.php in Peter Schmidt phpmyProfiler 0.9.6b allows remote attackers to execute arbitrary PHP code via a URL in the pmprelpath parameter. NOTE: this issue is disputed by CVE because the applicable requireonce is in a function that is...

Remote file inclusion

PHP remote file inclusion vulnerability in config.inc.php in Wordsmith 1.0 RC1, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

CVE-2007-5100

Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter to 1 language/langgerman/langadminalbum.php, 2...

Remote file inclusion

PHP remote file inclusion vulnerability in html/modules/extranetprofile/main.php in openEngine 1.9 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the thismodulepath parameter. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a...

XCMS 1.1/1.7 - 'Password' Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/25771/info Xcms is prone to a vulnerability that lets attackers execute arbitrary PHP code because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of...

Remote file inclusion

PHP remote file inclusion vulnerability in language/langgerman/langmainalbum.php in phpBB Plus 1.53, and 1.53a before 20070922, allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-5009

PHP remote file inclusion vulnerability in language/langgerman/langmainalbum.php in phpBB Plus 1.53, and 1.53a before 20070922, allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-5014

Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in 1 the lvcadmindir parameter to modules/visitors2/admin/view-archiver.inc.php or 2 the lvcincludedir parameter to modules/visitors2/include/menus.inc.php. NOTE: the...

Remote file inclusion

PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic comjoom12pic 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfiglivesite parameter...

CVE-2007-4954

PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic comjoom12pic 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfiglivesite parameter...

CVE-2007-4954

CVE-2007-4954 describes a PHP remote file inclusion in the Joomla! 1.0 extension joom12Pic (com_joom12pic), specifically via the mosConfig_live_site parameter in admin.joom12pic.php. The vulnerability allows an attacker to supply a crafted URL and potentially execute arbitrary PHP code on the ser...

CVE-2007-4942

PHP remote file inclusion vulnerability in modules/Discipline/StudentFieldBreakdown.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter, a different vector than CVE-2007-4806. NOTE: the provenance of this information is unknown...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFLFILEROOT parameter to 1 programfiles/livedraft/livedraft.php or 2 programfiles/livedraft/admin.php...