Design/Logic Flaw

InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie...

CVE-2007-2005

Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter to 1 contacttype.php, 2 itemstatustype.php, 3 projectstatustype.php, 4 requesttype.php, 5...

CVE-2006-7193

PHP remote file inclusion vulnerability in unittest/testcases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTYDIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTYDIR is a constant...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allow remote attackers to execute arbitrary PHP code via a URL in the 1 path parameter to admin/admin.php or the 2 modpath parameter to index.php...

CVE-2007-1976

PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfigrootpath parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application'...

Chatness 2.5.3 - options.phpsave.php Remote Code Execution

Chatness 2.5.3 - options.phpsave.php Remote Code Execution ?/ Files: options.php, save.php Affects: Chatness = 2.5.3 Date: 12th April 2007 Issue Description: =========================================================================== Chatness suffers with two main vulnerabilities, the first of...

CVE-2007-1967

PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter. NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected. Th...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Aardvark Topsites PHP 5 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to 1 button/settingssql.php, 2 settingssql.php, and 3 sources/misc/newday.php...

Maplab <= 2.2.1 (gszAppPath) Remote File Inclusion Vulnerability

----------------------------------------------------------------------------------------- Maplab = 2.2.1 gszAppPath Remote File Inclusion Vulnerability ----------------------------------------------------------------------------------------- Author : Mufti Rizal a.k.a mbahngarso Date : March, 30t...

CVE-2007-1818

PHP remote file inclusion vulnerability in MODforumfieldsparse.php in the Forum picture and META tags 1.7 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-1818

PHP remote file inclusion vulnerability in MODforumfieldsparse.php in the Forum picture and META tags 1.7 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-1795

JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2007-1775

Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 and earlier allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

Advanced Login <= 0.7 (root) Remote File Inclusion Vulnerability

No description provided by source. ------------------------------------------------------------------------------ Advanced Login = 0.7 root Remote File Inclusion Vulnerability ------------------------------------------------------------------------------ Author : Zeni Susanto a.k.a Bithedz Date...

Advanced Login 0.7 - root Remote File Inclusion

Advanced Login 0.7 - root Remote File Inclusion ------------------------------------------------------------------------------ Advanced Login = 0.7 root Remote File Inclusion Vulnerability ------------------------------------------------------------------------------ Author : Zeni Susanto a.k.a...

Advanced Login &lt;= 0.7 &#40;root&#41; Remote File Inclusion Vulnerability

------------------------------------------------------------------------------ Advanced Login = 0.7 root Remote File Inclusion Vulnerability ------------------------------------------------------------------------------ Author : Zeni Susanto a.k.a Bithedz Date Found : Maret, 29th 2007 Location :...

Advanced Login <= 0.7 (root) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ================================================================ Advanced Login = 0.7 root Remote File Inclusion Vulnerability ================================================================...

CVE-2007-1695

PHP remote file inclusion vulnerability in includes/usercpregister.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant...

Code injection

Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System NPDS 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php...

Unrestricted file upload

Multiple unrestricted file upload vulnerabilities in w-Agora Web-Agora allow remote attackers to upload and execute arbitrary PHP code 1 via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or 2 by using browseavatar.php to upload a file with a double...