Remote file inclusion

PHP remote file inclusion vulnerability in 404.php in open-medium.CMS 0.25 allows remote attackers to execute arbitrary PHP code via a URL in the REDSYSMYPATHTEMPLATES parameter...

Remote file inclusion

PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALSAAINCPATH parameter in 1 cached.php3, 2 cron.php3, 3 discussion.php3, 4 filldisc.php3, 5 filler.php3, 6 fillform.php3, 7 go.php3, 8 hiercons.php3, 9...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIGpeardir parameter...

UBB.threads addpost_newpoll.php thispath Parameter Remote File Inclusion

The version of UBB.threads installed on the remote host fails to sanitize input to the 'thispath' parameter before using it in a PHP include function in the 'addpostnewpoll.php' script. Provided PHP's 'registerglobals' setting is enabled, an unauthenticated attacker may be able to exploit this fl...

Nucleus CMS PLUGINADMIN.php DIR_LIBS Parameter Remote File Inclusion

The remote host is running Nucleus CMS, an open source content management system. The version of Nucleus CMS installed on the remote host fails to sanitize input to the 'DIRLIBS' parameter before using it in a PHP include function in the 'nucleus/libs/PLUGINADMIN.php' script. Provided PHP's...

Remote file inclusion

PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS"CLPath" parameter to 1 reconfig.php and 2 srxclr.php. NOTE: this might be due to a globals overwrite issue...

CVE-2006-2570

PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS"CLPath" parameter to 1 reconfig.php and 2 srxclr.php. NOTE: this might be due to a globals overwrite issue...

newsletter.txt

I found a bug in artmedic Newsletter 4.1 proably even in newer versions which lets an attacker run arbitrary php-code and bypass the password protection. The reason for this is mistake in design. log.php: Usually the log.php is included and $logfile,$logtime and $email are declared in the parent...

CVE-2005-1755

PHP remote file inclusion vulnerability in pollvote.php in PHP Poll Creator 1.01 allows remote attackers to execute arbitrary PHP code via the relativerpfad parameter...

Code injection

Invision Power Board IPB before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving 1 the posticon variable in classes/post/classpost.php and 2 the df value in actionpublic/moderate.php...

Design/Logic Flaw

The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site...

Remote file inclusion

PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManagerPath parameter to ezusermanagerpwdforgott.php, possibly due to an issue in ezusermanagercore.inc.php...

Remote file inclusion

PHP remote file inclusion vulnerability in resources/includes/popp.config.loader.inc.php in PopSoft Digital PopPhoto Studio 3.5.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter cfg'popphotobasepath' variable. NOTE: Pixaria has notified CVE...

CVE-2006-2323

Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in 1 editsite.php, 2 addsite.php, and 3 in.php. NOTE: The config.php vector is already covered by CVE-2006-1749...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the 1 clarolineRepositorySys parameter in ldap.inc.php and the 2 claroCasLibPath parameter in casProcess.inc.php...

Remote file inclusion

PHP remote file inclusion vulnerability in master.php in OpenPHPNuke and 2.3.3 earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...

CVE-2006-2137

PHP remote file inclusion vulnerability in master.php in OpenPHPNuke and 2.3.3 earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the classesdir parameter...

Code injection

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...

CVE-2006-2129

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...