60 matches found
CVE-2016-10828
cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97)...
CVE-2016-10837
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46)...
DEBIAN-CVE-2018-16831
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement...
UBUNTU-CVE-2017-0374
lib/Config/Model.pm in Config-Model aka libconfig-model-perl before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array...
PT-2016-3420 · Perl +2
Name of the Vulnerable Software and Affected Versions: Perl versions prior to 5.22.3-RC2; Perl versions 5.24 prior to 5.24.1-RC2. Description: The issue is related to errors in privilege management in the Perl interpreter, specifically with the handling of the included directory array "@INC". This...
The vulnerability of the PHP interpreter allows a hacker to gain access to read files.
The vulnerability of the PHP interpreter lies in the lack of checks for the sequence “%00” in the path name. Exploiting this vulnerability allows an attacker, operating remotely, to read arbitrary files using specially crafted input data for the application that calls the function...
Core FTP Server 1.2 - Local Buffer Overflow
Core FTP Server 1.2 - Local Buffer Overflow -- coding: utf-8 -- Exploit Title : Core FTP Server v1.2 - BufferOverflow POC Date: 2016-02-22 Author: INSECT.B Facebook : https://www.facebook.com/B.INSECT00 GitHub : binsect00 Blog : http://binsect00.tistory.com Vendor Homepage : http://www.coreftp.co...
CVE-2015-3412
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as...
UBUNTU-CVE-2015-4025
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1)...
PHP Multiple Function Security Bypass Vulnerabilities
PHP is a general-purpose web programming language. A security bypass vulnerability exists in the PHP set_include_path, tempnam, rmdir, and readlink functions: because they accept null values in a path, a remote attacker can submit special values to bypass security controls on the path values...
Valdersoft Shopping Cart 3.0 - Multiple Remote File Include Vulnerabilities
No description provided by source. Valdersoft Shopping Cart v3.0 E-Commerce Software commonIncludePath Remote File Include +class : Remote File Include Vulnerability +Author : mdx +Files : +/commoninclude/common.php , /include/common.php, /admin/include/common.php +code : + + include...
Kietu 2/3 Index.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9499/info A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, which may...
PHPBB Advanced Quick Reply Hack 1.0/1.1 - Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6173/info The phpBB Advanced Quick Reply Hack is prone to an issue which may allow attackers to include arbitrary files from a remote server. It is possible for remote attackers to influence the include path for...
D-Forum 1 footer Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/6879/info D-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the /includes/header.php3 and /includes/footer.php3 scripts. Under some...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E-Commerce System 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) cat-EN.php, (6) cat-CYM.php, (7)...
OpenCSP Multiple Remote File Include Vulnerability
Exploit for unknown platform in category web applications. OpenCSP Multiple Remote File Include Vulnerability...
The php.ini way of anti-injection or hung it - vulnerability warning - the black bar safety net
I originally spent these two days studying phpIDS. To protect a page from attack, include the attack-prevention file at the head of the page, just as with a general anti-injection file. We can do that in three ways: 1. Reference it within each of the files. Such a...
PHPAuctionSystem Multiple Remote File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications. PHPAuctionSystem Multiple Remote File Inclusion Vulnerabilities...
GoSamba 1.0.1 (include_path) Multiple RFI Vulnerabilities
Exploit for unknown platform in category web applications. GoSamba 1.0.1 (include_path) Multiple RFI Vulnerabilities. GoSamba 1.0.1 (include_path) Multiple Remote File Inclusion...
PT-2007-3691 · B2Evolution
Name of the Vulnerable Software and Affected Versions: b2evolution (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in several parameters, including the inc path parameter to various PHP files in the blogs directory, the view...