CVE-2006-4826

PHP remote file inclusion vulnerability in bottom.php in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter...

Limbo CMS <= 1.0.4.2L (com_contact) Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? printr' ----------------------------------------------------------------------------- Limbo = 1.0.4.2L "comcontact" remote commands execution exploit by rgod [email protected] site: http://retrogod.altervista.org dorks:...

CVE-2006-4437

The provided documents confirm CVE-2006-4437 in Tagger LE: an eval() injection vulnerability that allows remote attackers to execute arbitrary PHP code via crafted query string parameters in tags.php, sign.php, and admin/index.php. The root cause is unsanitised input being used directly inside an...

CVE-2006-4780

PHP remote file inclusion vulnerability in includes/functions.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

phpQuiz 0.1 (pagename) Remote File Include Vulnerability

No description provided by source. SolpotCrew Community phpQuiz v0.01 design and coding byJule Slootbeek pagename Remote File Inclusion Download file : http://www.furor-normannicus.de/phpQuiz/download/phpQuiz.zip Bug Found By :Solpot a.k.a k. Hasibuan 14-09-2006 contact: [email protected]...

phpQuiz v0.01 design and coding byJule Slootbeek (pagename) Remote File Inclusion

SolpotCrew Community phpQuiz v0.01 design and coding byJule Slootbeek pagename Remote File Inclusion Download file : http://www.furor-normannicus.de/phpQuiz/download/phpQuiz.zip Bug Found By :Solpot a.k.a k. Hasibuan 14-09-2006 contact: [email protected] Website :...

CVE-2006-4733

PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system SIPS 0.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the configsipssys parameter. NOTE: the product's documentation recommends placing the...

CVE-2006-4714

PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS aka phpWordPress 3.2 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classifiedpath parameter...

RaidenHTTPD SoftParserFileXml Parameter Remote File Inclusion

Binary data 3740.prm...

phpbb -- NULL byte injection vulnerability

Secunia reports: ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the "avatarpath" parameter in admin/adminboard.php is not properly sanitised before being used as a configuration variable to store avatar...

CVE-2006-4678

PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the NEAbsPath parameter in 1 install.php and 2 migrateNE2toNE3.php...

CVE-2006-4644

PHP remote file inclusion vulnerability in modules/home.module.php in phpFullAnnu 5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the repmod parameter...

CVE-2006-4649

PHP remote file inclusion vulnerability in bpnews.php in BinGo News BP News 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter...

CVE-2006-4629

PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

TikiWiki file upload vulnerability (jhot.php)

Added: 09/08/2006 CVE: CVE-2006-4602 BID: 19819 OSVDB: 28456 Background TikiWiki is a multi-purpose web content management system written in PHP. Problem The jhot.php script allows remote attackers to upload arbitrary PHP commands into the img/wiki directory. The commands can then be executed by...

CVE-2006-4596

PHP remote file inclusion in MyBace Light Skrip, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via the 1 hauptverzeichniss parameter in includes/logincheck.php and the 2 templateback parameter in admin/login/content/userdaten.php...

CVE-2006-4610

PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.11 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via the page parameter...

CVE-2006-4548

e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCEimglibinclude image/jpeg parameter in...

CVE-2006-4544

Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbbhomepath parameter in files in the modules directory including 1 birstday/birst.php 2 birstday/select.php, 3...

CVE-2006-4557

PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has stated that an attacker cannot control the type parameter. As of 20060901, CVE analysis...