CVE-2007-1604

Multiple unrestricted file upload vulnerabilities in w-Agora Web-Agora allow remote attackers to upload and execute arbitrary PHP code 1 via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or 2 by using browseavatar.php to upload a file with a double...

CVE-2006-7174

PHP remote file inclusion vulnerability in includes/functions.php in the Dimension module of phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter. NOTE: this may be the same issue as CVE-2006-5235...

Code injection

Direct static code injection vulnerability in admin/configuration.php in Guestbara 1.2 and earlier allows remote authenticated users to inject arbitrary PHP code into config.php via the 1 adminmail, 2 emotpatch, 3 login, 4 pass, and unspecified other parameters. NOTE: the provenance of this...

CVE-2007-1549

CVE-2007-1549 affects phpx 3.5.15 where gallery.php’s addImage action allows unrestricted file upload. An attacker can upload arbitrary PHP scripts, which are placed under gallery/shelties/ and could be executed remotely. The CVE details focus on the unrestricted upload vulnerability and its abil...

phpStats 0.1.9 - PHP-Stats-options.php Remote Code Execution

phpStats 0.1.9 - PHP-Stats-options.php Remote Code Execution source: https://www.securityfocus.com/bid/23008/info PhpStats is prone to a remote code-execution vulnerability because the application fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary PHP...

WebCreator <= 0.2.6-rc3 (moddir) Remote File Inclusion Vulnerability

No description provided by source. \ /\ / | \ | / // / | | \ \ Y / | / / \ /\| /\ / / / / / .OR.ID ECHOADV74$2007 ------------------------------------------------------------------------------------- ECHOADV74$2007 WebCreator = 0.2.6-rc3 moddir Remote File Inclusion Vulnerability...

Groupit 2.00b5 (c_basepath) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications =============================================================== Groupit 2.00b5 cbasepath Remote File Inclusion Vulnerability ===============================================================...

Groupit 2.00b5 - &#039;c_basepath&#039; Remote File Inclusion

------------------------------------------------------------------------------------- ECHOADV75$2007 Groupit 2.00b5 cbasepath Remote File Inclusion Vulnerability -------------------------------------- ---------------------------------------------- Author : Dedi Dwianto a.k.a theday Date Found :...

Company WebSite Builder PRO 1.9.8 - &#039;INCLUDE_PATH&#039; Remote File Inclusion

\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV76$2007 -------------------------------------------------------------------------------------------- ECHOADV76$2007 Company WebSite Builder PRO INCLUDEPATH Remote File Inclusion Vulnerability...

CVE-2007-1458

Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to 1 inccheckdatelang.php, 2 inccharsetfx.php, 3 incconfigcolor.php, 4 inccurrencyset.php, 5 incdbmakelink.php, 6 incdiagnosticsreportfx.php, 7...

[ECHO_ADV_71$2007] AMP v3.2 &#40;base_path&#41; Remote File Inclusion Vulnerability

ECHOADV71$2007 --------------------------------------------------------------------------- ECHOADV71$2007 AMP v3.2 basepath Remote File Inclusion Vulnerability --------------------------------------------------------------------------- Author : Dedi Dwianto a.k.a theday Date Found : March, 13th...

Remote file inclusion

PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bitesser MySQL Commander 2.7 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the home parameter...

Activist Mobilization Platform (AMP) 3.2 - Remote File Inclusion

\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV71$2007 --------------------------------------------------------------------------- ECHOADV71$2007 AMP v3.2 basepath Remote File Inclusion Vulnerability...

Code injection

Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information...

CVE-2007-1394

Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information...

CVE-2007-1394

The CVE-2007-1394 entry concerns Flat Chat 2.0. It describes a direct static code injection vulnerability in startsession.php, where the Chat Name field is inserted into online.txt and subsequently included by users.php. The root cause is unsafely incorporating user-provided input into executable...

CVE-2006-7148

PHP remote file inclusion vulnerability in includes/bbusagestats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbbrootpath parameter. NOTE: this might be the same issues as CVE-2006-4893...

CVE-2006-7136

Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator phpPC 1.04 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the relativerpfad parameter to 1 poll.php, 2 pollkommentar.php, and 3 pollsm.php, different vectors and version than CVE-2005-1755...

CVE-2006-7109

Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif...

WebCalendar -- "noSet" variable overwrite vulnerability

Secunia reports: A vulnerability has been discovered in WebCalendar, which can be exploited by malicious people to compromise a vulnerable system. Input passed to unspecified parameters is not properly verified before being used with the "noSet" parameter set. This can be exploited to overwrite...