5 matches found
EUVD-2008-6223
Malware in sbrugna...
Directory traversal
Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when registerglobals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the gpcltarlibdir parameter...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2.2.2, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the 1 SESSIONSCRIPTPATH parameter to includes/vars.inc.php and the 2 gpcltarlibdir parameter to...
CVE-2009-0530
Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2.2.2, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the 1 SESSIONSCRIPTPATH parameter to includes/vars.inc.php and the 2 gpcltarlibdir parameter to...
Pluck g_pcltar_lib_dir参数本地文件包含漏洞
BUGTRAQ ID: 32342 pluck是用php编写的简单内容管理系统。 pluck的data/inc/lib/pcltar.lib.php文件没有正确地验证对gpcltarlibdir参数的输入便用于包含文件: if !isset$gpcltarlibdir $gpcltarlibdir = "lib"; ... $gpcltarextension = "php"; if !defined"PCLERRORLIB" include"data/inc/$gpcltarlibdir/pclerror.lib.$gpcltarextension"; if...