EUVD-2026-33297
FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $_REQUEST['rawname'] parameter is concatenated into an include call with a .class.php suffix, allowing path...
PHP Remote File Inclusion
Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to PHP Remote File Inclusion via the ajaxform.php process. An attacker can execute arbitrary code on the server by...
File Descriptor Leak
Possible sensitive files Vulnerability description: A possible sensitive file has been found. This file is not directly linked from the website. This check looks for common sensitive resources like password files, configuration files, log files, include files, statistics data, database dumps. Eac...
phpProfiles <= 3.1.2b Multiple Remote File Include Vulnerabilities
No description provided by source. phpProfiles <= 3.1.2b Multiple Remote File Include Vulnerabilities. Affect...
Izumi <= 1.1.0 (RFI/LFI) Multiple Include Vulnerability
No description provided by source. + Izumi <= 1.1.0 RFI/LFI Multiple Include Vulnerability + Discovered by cr4wl3r cr4wl3r!linuxmail.org + Download : http://sourceforge.net/projects/izumi/files/ + Code : page.php require_once($dirinstall . $dirsrc . "common.php"); + Example : x RFI :...
Nukebrowser 2.x Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6731/info Nukebrowser is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the nukebrowser.php script file. Under some circumstances, it is possible fo...
myphpPageTool 0.4.3 -1 Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6744/info myphpPageTool is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in several PHP script files in the /doc/admin folder. Under some circumstance...
UBUNTU-CVE-2013-5951
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copymove.php, (4) functions.php, (5) header.php, or (6)...
Design/Logic Flaw
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/depend temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk...
CVE-2011-1920
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/depend temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk...
PYSEC-2009-11
The rst parser (parser/textrst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors...
PT-2007-4474 · Mybloggie · Mybloggie
Name of the Vulnerable Software and Affected Versions: myBloggie version 2.1.5 Description: The issue allows remote attackers to potentially execute arbitrary PHP code via a URL in the bloggie root path parameter to several PHP files, including config.php, db.php, template.php, functions.php,...
RedLevel Advisory #021 - CubeCart v3.0.16 SQL Injection Vulnerability
An interesting SQL injection vulnerability was discovered in CubeCart v3.0.16. This vulnerability cannot easily be exploited by traditional means - in fact, the actual vulnerable variable was not discovered. As a piece of user input is passed to CubeCart, it is sanitized through a routine mySQLSa...
PT-2006-7341 · Unknown · Phpprofiles
Name of the Vulnerable Software and Affected Versions: phpProfiles versions 3.1.2b and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter to various PHP files, including "include/body.inc.php" and "include/body admin.inc.php", or a...
TextSend <= 1.5 (config/sender.php) Remote File Include Vulnerability
No description provided by source. TextSend <= 1.5 (config/sender.php) Remote File Include Vulnerability. Vendo...
Sql injection
SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote attackers to execute arbitrary SQL commands via the order parameter in the include files (1) user.inc.php, (2) customer.inc.php, and (3) project.inc.php. NOTE: the provenance of this information is unknown; the details are obtained...
CVE-2006-0878
Noah's Classifieds 1.3 allows remote attackers to obtain the installation path via a direct request to include files, as demonstrated by classifieds/gorum/category.php...
SysCP < 1.2.11 Multiple Script Command Execution Vulnerabilities
The remote host is running SysCP, an open source control panel written in PHP. The version of SysCP installed on the remote host uses user-supplied input to several variables in various scripts without sanitizing it. Provided PHP's 'register_globals' setting is enabled, an attacker can exploit the...
CVE-2002-2065
WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root...
CVE-2002-2065
WebCalendar 0.9.34 and earlier is affected by an insecure include-file access vulnerability. When the product is built with “browsing in includes directory” enabled, remote attackers can read arbitrary .inc files from the web root. Root cause: insecure include-path handling allows reading local i...