CVE-2006-7100

PHP remote file inclusion vulnerability in includes/functionsmoduser.php in phpBB Insert User 0.1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2006-7105

PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is used in a function definition, so this report is probably incorrect...

Unrestricted file upload

Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file...

CVE-2007-1235

Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file...

CVE-2007-1235

Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file...

CVE-2007-1148

PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter...

CVE-2007-1155

Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED...

CVE-2007-1147

PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter...

CVE-2006-7045

PHP remote file inclusion vulnerability in Clan Manager Pro CMPRO 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the 1 rootpath and possibly 2 sitepath parameters to a cmpro.ext/comment.core.inc.php and b cmpro.intern/comment.core.inc.php. NOTE: the provenanc...

Code injection

Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php...

CVE-2007-1073

CVE-2007-1073 involves a static code injection in mcRefer’s install.php. The bgcolor parameter is inserted into mcrconf.inc.php, enabling remote PHP code execution. The vulnerability affects install.php in mcRefer and can lead to complete compromise of affected systems. The available documents do...

LoveCMS 1.4 - 'step' Remote File Inclusion

source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue. An attacker can exploit these issues to steal...

LoveCMS 1.4 - 'id' Cross-Site Scripting

source: https://www.securityfocus.com/bid/22675/info LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue. An attacker can exploit these issues to steal...

Remote file inclusion

PHP remote file inclusion vulnerability in inc/functionsinc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad, or possibly scriptpfad, parameter...

CVE-2007-1011

PHP remote file inclusion vulnerability in functionsinc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad parameter...

CVE-2007-1025

PHP remote file inclusion vulnerability in inc/functionsinc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad, or possibly scriptpfad, parameter...

Magic News Plus 1.0.2 - news.php?link_parameters Cross-Site Scripting

Magic News Plus 1.0.2 - news.php?linkparameters Cross-Site Scripting source: https://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote...

Magic News Plus 1.0.2 - 'news.php?&link_parameters' Cross-Site Scripting

source: https://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote file-include issue and two cross-site scripting vulnerabilities. An...

CVE-2007-0983

PHP remote file inclusion vulnerability in admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the RootToScript parameter...

Meganoides News 1.1.1 - Include.php Remote File Inclusion

Meganoides News 1.1.1 - Include.php Remote File Inclusion source: https://www.securityfocus.com/bid/22589/info Meganoide's news is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PH...