SPiD 1.3.1 - Scan_Lang_Insert.php Local File Inclusion
SPiD 1.3.1 - Scan_Lang_Insert.php Local File Inclusion source: https://www.securityfocus.com/bid/16822/info SPiD is prone to a local file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of this issue may...
NOCC <= 1.0 Multiple Vulnerabilities
The remote host is running NOCC, an open source webmail application written in PHP. The installed version of NOCC is affected by a local file include flaw because it fails to sanitize user input to the 'lang' parameter of the 'index.php' script before using it to include other PHP files. Regardle...
CVE-2006-0878
Noah's Classifieds 1.3 allows remote attackers to obtain the installation path via a direct request to include files, as demonstrated by classifieds/gorum/category.php...
CVE-2006-0881
Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to...
CVE-2006-0881
CVE-2006-0881 concerns Noah’s Classifieds 1.3, where the PHP file gorum/gorumlib.php is vulnerable to remote file inclusion when PHP register_globals is enabled. The vulnerability enables an attacker to compel the application to include arbitrary PHP files by manipulating the upperTemplate or low...
Noah's Classifieds <= 1.3 Multiple Vulnerabilities
The remote host is running Noah's Classifieds, a classified ads application written in PHP. The installed version of Noah's Classifieds is reportedly affected by numerous remote and local file include, SQL injection, cross-site scripting, and information disclosure issues due to a general failure...
CVE-2006-0831
PHP remote file include vulnerability in index.php in Tasarim Rehberi allows remote attackers to execute arbitrary PHP code via a URL in the (1) sayfaadi or (2) sayfa parameter. NOTE: this might be a site-specific issue. If so, it should not be included in CVE...
CVE-2006-0831
The CVE-2006-0831 entry describes a PHP remote file include vulnerability in index.php of Tasarim Rehberi, allowing remote code execution via a URL supplied in the sayfaadi or sayfa parameters. The vulnerability stems from including user-controllable URLs, enabling arbitrary PHP execution if an a...
CVE-2006-0786
Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://"...
CVE-2006-0786
The CVE-2006-0786 entry concerns PHP-Kit prior to 1.6.1 Release 2, where include.php contains an incomplete blacklist vulnerability. When allow_url_fopen is enabled, an attacker can perform PHP remote file include attacks by passing a path parameter that points to a (1) UNC share or (2) ftps URL,...
Design/Logic Flaw
DISPUTED Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6)...
CVE-2006-0755
DotProject, versions ≤2.0.1, contains multiple PHP remote file inclusion vulnerabilities exploitable when register_globals is enabled. The baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, (7) tasks/gantt.php a...
CVE-2006-0755
Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, a...
CVE-2006-0688
PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter...
CVE-2006-0688
CVE-2006-0688 describes a PHP remote file inclusion vulnerability in the NiceCoder Indexu product, affecting versions 5.0.0 and 5.0.1. The flaw arises in application.php, allowing a remote attacker to execute arbitrary PHP code by supplying a URL in the base_path parameter. The NVD entry indicate...
dotProject 2.0 - '/modules/public/calendar.php?baseDir' Remote File Inclusion
source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...
dotProject 2.0 - '/modules/public/date_format.php?baseDir' Remote File Inclusion
dotProject 2.0 - '/modules/public/date_format.php?baseDir' Remote File Inclusion source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...