Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the a ETCDIR parameter to 1 libs/lom.php; 2 lomupdate.php, 3 check-lom.php, and 4 weighkeywords.php in scripts/; the b LIBSDIR parameter to 5 logout.php, 6 help.php...

CVE-2007-2609

CVE-2007-2609 affects gnuedu 1.3b2 with multiple PHP remote file inclusion vulnerabilities . An attacker can trigger arbitrary PHP code execution by supplying untrusted values to the ETCDIR parameter for files/libs (libs/lom.php; lom_update.php; check-lom.php; weigh_keywords.php; web/lom.php) and...

PHP DB Designer <= 1.02 Remote File Include Vulnerabilities

Exploit for unknown platform in category web applications =========================================================== PHP DB Designer = 1.02 Remote File Include Vulnerabilities =========================================================== PHP DB Designer = 1.02 Remote File Include Exploit D.Script:...

CVE-2006-4938

help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message...

CVE-2006-4938

help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message...

CVE-2006-4938

Moodle before 1.6.2 contains a vulnerability in help.php where it does not verify the existence of certain help files before including them, which may allow a remote authenticated user to cause an error message that reveals the file path. The CVE is documented in multiple sources (NVD entry for C...

CVE-2006-4786

Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via 1 help.php and 2 other unspecified vectors involving scheduled backups...

CVE-2006-4786

Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via 1 help.php and 2 other unspecified vectors involving scheduled backups...

vikingMultiple.txt

================================================ :: Vikingboard 0.1b Multiple Vulnerabilities :: ================================================ Software : Vikingboard Website : http://www.vikingboard.com/ Discover : Hessam-x / www.hessamx.net I. Cross Site Scripting Vulnerabilities...

CVE-2006-4708

Multiple cross-site scripting XSS vulnerabilities in Vikingboard 0.1b allow remote attackers to inject arbitrary web script or HTML via the 1 act parameter in a help.php and b search.php, and the 2 p parameter in report.php...

CVE-2006-4708

Multiple cross-site scripting XSS vulnerabilities in Vikingboard 0.1b allow remote attackers to inject arbitrary web script or HTML via the 1 act parameter in a help.php and b search.php, and the 2 p parameter in report.php...

Vikingboard 0.1b Multiple Vulnerabilities

================================================ :: Vikingboard 0.1b Multiple Vulnerabilities :: ================================================ Software : Vikingboard Website : http://www.vikingboard.com/ Discover : Hessam-x / www.hessamx.net I. Cross Site Scripting Vulnerabilities...

DoceboLMS &lt;= 2.0.5 (help.php) Remote File Include Vulnerability

No description provided by source. Vulnerable Script: Docebo LMS 2.05 Discovered: beford xbefordx gmail com Noobs: %22Based+on+DoceboLMS+2.0%22 Vulnerable Files doceboLMS205/modules/credits/business.php = include$GET'lang'.'/language.php'; doceboLMS205/modules/credits/credits.php =...

DoceboLms 2.0.5 - help.php Remote File Inclusion

DoceboLms 2.0.5 - help.php Remote File Inclusion Vulnerable Script: Docebo LMS 2.05 Discovered: beford Noobs: %22Based+on+DoceboLMS+2.0%22 Vulnerable Files doceboLMS205/modules/credits/business.php = include$GET'lang'.'/language.php'; doceboLMS205/modules/credits/credits.php =...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIGmainpath parameter in 1 functions.php, 2 template.php, 3 news.php, 4 help.php, 5 mail.php, 6 Admin/admincats.php, 8 Admin/adminedit.php, 9...

ScozNews 1.2.1 - mainpath Remote File Inclusion

ScozNews 1.2.1 - mainpath Remote File Inclusion DEVIL TEAM THE BEST POLISH TEAM ScozNews v1.2.1 - Remote File Include Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl dork: "Powered By ScozNews"...

CVE-2006-2159

CVE-2006-2159 describes a CRLF injection vulnerability in help.php of Russcom Network Loginphp. The issue allows remote attackers to spoof e-mails and inject MIME headers by crafting CRLF sequences in the email address. According to the NVD entry, the vulnerability is exploitable over the network...

Design/Logic Flaw

help.php in V-webmail 1.6.2 allows remote attackers to obtain the installation path via unspecified invalid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2006-0794

CVE-2006-0794 affects V-webmail 1.6.2 via help.php, where remote attackers can obtain the installation path through unspecified invalid parameters. The available documents describe a path-disclosure issue but do not provide detailed root-cause analysis, exploited vectors, or concrete mitigation s...

CVE-2005-1895

Cross-site scripting XSS vulnerability in FlatNuke 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the border or back parameters to 1 help.php or 2 footer.php...