Arbitrary file deletion

POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data'name' with no restrictions, and this value is written to the FCPATH.$file file...

NetCharts Server Multiple Vulnerabilities

NetCharts Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Directory traversal

Multiple directory traversal vulnerabilities in Magento Community Edition CE 1.9.1.0 and Enterprise Edition EE 1.14.1.0 allow remote authenticated users to include and execute certain PHP files via 1 .. dot dot sequences in the PATHINFO to index.php or 2 vectors involving a block value in the...

CVE-2014-6446

The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/codegenerator.php...

Gizzar <= 03162002 (index.php) Remote File Include Vulnerability

No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = '64305' ssvid version = '1.0' author = 'kikay' vulDate = '2006-12-13' createDate ...

Empire cms 7.0 background to get shell-vulnerability warning-the black bar safety net

Empire CMS7. 0 background can upload the mod suffix PHP file and execute inside php code. Into the backgroundit! Method a: system data tables with the system model-management data table and then randomly selected one data table, open the corresponding data table of the“management system model”as...

PhpGedView module.php pgvaction Parameter Traversal Local File Inclusion

The web server hosts PhpGedView, a web-based real estate listing management application written in PHP. The version of PhpGedView installed on the remote host fails to sanitize user input to the 'pgvaction' parameter of the 'module.php' script before using it to include PHP code. Regardless of...

Design/Logic Flaw

Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow 1 remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and...

Jinzora name Parameter Local File Inclusion

The remote host is running Jinzora, a web-based media streaming and management system written in PHP. The version of Jinzora installed on the remote host fails to filter user-supplied input to the 'name' variable in the 'index.php' script when 'op' is set before using it to include PHP code...

CVE-2008-0143

CVE-2008-0143 describes a PHP remote file inclusion vulnerability in samPHPweb’s common/db.php (potentially version 4.2.2 and later) as packaged with SAM Broadcaster. An attacker can supply a URL via the commonpath parameter to cause arbitrary PHP code execution. Public CVSS v2 data in the record...

Flatnuke3 Remote Cookie Manipoulation / Privilege Escalation

--------------------------------------------------------------- / | | / | / |/ | | |/ | | / | | | | | |/ | | // | || | ||| /| / / | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...

Directory traversal

Directory traversal vulnerability in index.php in PhpMyDesktop|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a .. dot dot sequence and trailing null %00 byte in the subsite parameter in a showsubsite todo...

CVE-2006-2609

artmedic newsletter 4.1.2 and possibly other versions, when registerglobals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletterlog.php. NOTE: the provenance of this information is unknown; the details are obtained sole...

AngelineCMS loadkernel.php installPath Parameter Remote File Inclusion

The remote host is running AngelineCMS, an open source content management system written in PHP. The version of AngelineCMS installed on the remote host fails to sanitize user-supplied input to the 'installPath' parameter of the '/kernel/loadkernel.php' script before using it in a PHP 'includeonc...

Comdev eCommerce 3.0 Multiple Vulnerabilities (RFI, Traversal)

The remote host is running eCommerce, a web-based shopping system from Comdev. The installed version of eCommerce allows remote attackers to control the 'pathdocroot' parameter used when including PHP code in the 'config.php' script. By leveraging this flaw, an attacker may be able to view...

CVE-2004-2256

Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang language variable...

CVE-2002-0206

The CVE-2002-0206 issue affects PHP-Nuke: index.php may include a URL to remote code via the file parameter, enabling remote arbitrary PHP code execution on servers running PHP-Nuke 5.3.1 and earlier (and possibly versions before 5.5). Root cause is PHP’s include() reading a URL without validatin...

Basilix Webmail 1.0 - File Disclosure

Basilix Webmail 1.0 - File Disclosure source: https://www.securityfocus.com/bid/2995/info Basilix is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support. During operation, Basilix opens a PHP include file using a variable as...