2194 matches found
CVE-2006-2743
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory...
Remote file inclusion
PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASEpath parameter to (1) baseqrycommon.php, (2) basestatcommon.php, and (3)...
PHPMyDesktopArcade 1.0 - index.php Local File Inclusion
Source: https://www.securityfocus.com/bid/18185/info. phpMyDesktop|arcade is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts. An attacker may also be able to execute...
Design/Logic Flaw
Untrusted search path vulnerability in updateflash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) wherecms, (2) wherelms, (3) whereupgrade, (4) BBCLIBPATH, and (5) BBCLANGUAGEPATH parameters in various unspecified scripts...
SQL injection
SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module...
ACal embed/day.php path Parameter Remote File Inclusion
The remote host is running ACal, an open source, web-based event calendar written in PHP. The version of ACal installed on the remote host fails to sanitize user-supplied input to the 'path' parameter of the 'embed/day.php' script before using it in PHP 'include' functions. Provided PHP's...
CVE-2006-2335
Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the clarolineRepositorySys parameter in ldap.inc.php and (2) the claroCasLibPath parameter in casProcess.inc.php...
CVE-2006-2283
Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 through 3.0.b3 allow remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter in (1) auth.php and (2) authphpbb when the phpBB portal is enabled, and via a URL in the smfrootpath parameter in (3)...
CVE-2006-2175
PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php...
Remote file inclusion
PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the classesdir parameter...
SQL injection
SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categori and (2) stranica parameters...
CVE-2006-2098
PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via (1) README.html or (2) HEADER.html...
GLSA-200604-17 : Ethereal: Multiple vulnerabilities in protocol dissectors
The remote host is affected by the vulnerability described in GLSA-200604-17 (Ethereal: Multiple vulnerabilities in protocol dissectors). Coverity discovered numerous vulnerabilities in versions of Ethereal prior to 0.99.0, including: buffer overflows in the ALCAP (CVE-2006-1934), COPS (CVE-2006-1935) a...
CVE-2006-1890
Multiple PHP remote file inclusion vulnerabilities in myWebland myEvent 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the myeventpath parameter in (1) event.php and (2) initialize.php. NOTE: vector 2 was later reported to affect 1.4 as well...
BrightStor ARCserve Backup discovery service buffer overflow
Added: 04/19/2006. CVE: CVE-2005-2535. BID: 12536. OSVDB: 13814. Background: The BrightStor ARCserve Backup server includes a discovery service which listens on ports 41523/TCP and 41524/UDP. Problem: A buffer overflow in the discovery service allows remote attackers to execute arbitrary commands...
Directory traversal
Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hubdir parameter, as demonstrated by including accesslog. NOTE: in some cases, arbitrary remot...
Sphider configset.php settings_dir Parameter Remote File Inclusion
The remote host is running Sphider, an open source web spider and search engine written in PHP. The version of Sphider installed on the remote host fails to sanitize user-supplied input to the 'settings_dir' parameter of the 'admin/configset.php' script before using it in a PHP 'include' function...