e107 ibrowser.php zend_has_del() Function Remote Code Execution

The 'e107handlers/tinymce/plugins/ibrowser/ibrowser.php' script included with the version of e107 installed on the remote host contains a programming flaw that may allow an unauthenticated, remote attacker to execute arbitrary PHP code on the affected host, subject to the privileges of the web...

CVE-2006-4530

Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php...

CVE-2006-4451

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the 1 User-Agent HTTP header in tag.php, which is executed by all.php, and 2 the banned parameter in adminindex.php...

CVE-2006-4451

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the 1 User-Agent HTTP header in tag.php, which is executed by all.php, and 2 the banned parameter in adminindex.php...

CVE-2006-4425

CVE-2006-4425 affects the phpCOIN 1.2.3 package. Multiple remote file inclusion weaknesses allow an unauthenticated, remote attacker to cause code execution by manipulating the _CCFG[_PKG_PATH_INCL] parameter in seven coin_includes scripts (api.php, common.php, core.php, custom.php, db.php, redir...

CVE-2006-4363

PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component comcropimage 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter...

CVE-2006-4373

PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvcincludedir parameter...

BigACE 1.8.2 - download.cmd.php Remote File Inclusion

BigACE 1.8.2 - download.cmd.php Remote File Inclusion source: https://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote PH...

CVE-2006-4291

PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier Build 3.04.04 allows remote attackers to execute arbitrary PHP code via a URL in the PMpathhandler parameter...

CVE-2006-4278

PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter...

CVE-2006-4242

PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

Echo Security Advisory 2006.44

ECHOADV44$2006 ------------------------------------------------------------------------------ ECHOADV44$2006 PHP Simple Shop = 2.0 abspath Remote File Inclusion ------------------------------------------------------------------------------ Author : Ahmad Maulana a.k.a Matdhule Date Found : August...

CVE-2006-4196

PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatesdir parameter...

CVE-2006-4198

PHP remote file inclusion vulnerability in includes/session.php in Wheatblog wB 1.1 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wbclassdir parameter...

GLSA-200608-19 : WordPress: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-200608-19 WordPress: Privilege escalation The WordPress developers have confirmed a vulnerability in capability checking for plugins. Impact : By exploiting a flaw, a user can circumvent WordPress access restrictions when using...

CVE-2006-4085

PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project TSEP 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsepconfigabsPath parameter to pagenavigation.php, a different vector than CVE-2006-4055. NOTE: the provenance of this...

CVE-2006-4077

PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo Valvano Comet WebFileManager CWFM 0.9.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the Language parameter...

CVE-2006-4053

PHP remote file inclusion vulnerability in templates/header.php in ME Download System 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the Vb8878b936c2bd8ae0cab parameter...

CVE-2006-4011

PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter...

PHP Simple Shop 2.0 - abs_path Remote File Inclusion

PHP Simple Shop 2.0 - abspath Remote File Inclusion \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV44$2006 ------------------------------------------------------------------------------ ECHOADV44$2006 PHP Simple Shop = 2.0 abspath Remote File Inclusion...