CVE-2006-0099

CVE-2006-0099 is a PHP remote file include vulnerability in Valdersoft Shopping Cart 3.0. The flaw occurs in (1) include/templates/categories/default.php and (2) other include/templates/categories/ PHP scripts, where an attacker can cause arbitrary code execution by supplying a crafted URL in the...

EUVD-2006-0107

PHP remote file include vulnerability in 1 include/templates/categories/default.php and 2 certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter...

CVE-2006-0094

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the incstat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

Design/Logic Flaw

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the incstat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

CVE-2006-0094

CVE-2006-0094 describes a PHP remote file include in oaBoard 1.0, specifically in forum.php via the inc_stat parameter, enabling remote attackers to execute arbitrary PHP code. The connected documents confirm oaBoard 1.0 as affected and do not provide remediation details. No exploits or fixed ver...

CVE-2006-0076

This CVE (CVE-2006-0076) relates to oaBoard 1.0: a PHP remote file inclusion flaw in forum.php where an input parameter inc can be controlled via URL to include a PHP file. The underlying issue is unsafely including external input as code, enabling arbitrary PHP execution if a remote file is incl...

CVE-2006-0064

PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the globrootDir parameter...

CVE-2006-0064

The CVE-2006-0064 entry concerns CubeCart. Multiple connected records confirm a PHP remote file inclusion vulnerability in includes/orderSuccess.inc.php, exploitable via a URL parameter glob[rootDir] that allows execution of arbitrary PHP code. This indicates a client-controllable file inclusion ...

CVE-2006-0064

PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the globrootDir parameter...

Plogger exploit method! - Vulnerability warning-the black bar safety net

http://www.hackeroo.com/Plogger 是 一 款 基于 PHP 的 网络日记 程序 the. Plogger does not filter the user submits the URI of the data, exploit vulnerabilities in the WEB permissions to execute arbitrary commands. Vulnerability in'plog-admin-functions.php'script for user-submitted'configbasedir'parameter is no...

CVE-2005-2463

Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message...

CVE-2005-4748

PHP remote file include vulnerability in functionsadmin.php in Virtual War VWar 1.5.0 R10 allows remote attackers to include and execute arbitrary PHP code via unspecified attack vectors. NOTE: this issue has been referred to as XSS, but it is clear from the vendor description that it is a file...

CVE-2005-4573

Plogger (Beta 2) is affected by CVE-2005-4573 via plog-admin-functions.php where unsanitized input in config[basedir] is used in a PHP require_once, enabling remote file inclusion and potential arbitrary code execution if register_globals is enabled. Affected component: admin/plog-admin-functions...

CVE-2005-4573

PHP remote file include vulnerability in plog-admin-functions.php in Plogger Beta 2 allows remote attackers to execute arbitrary code via a URL in the configbasedir parameter...

OABoard 1.0 Forum - Remote File Inclusion

OABoard 1.0 Forum - Remote File Inclusion source: https://www.securityfocus.com/bid/16105/info The oaBoard application is prone to a remote file-include vulnerability. As a result, remote users may specify external PHP scripts to be included by the application. This could result in the execution ...

CVE-2005-4556

PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when registerglobals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the 1 langsettings and 2...

CVE-2005-4556

PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when registerglobals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the 1 langsettings and 2...

CVE-2005-4556

CVE-2005-4556 affects IceWarp Web Mail 5.5.1 (used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). When register_globals is on, remote attackers can exploit PHP remote file include via the lang_settings and language parameters in accounts/inc/include.php and admin/inc/include...

CVE-2005-4462

PHP remote file include vulnerability in usermods.php in Tolva PHP website system 0.1.0 allows remote attackers to execute arbitrary code via a URL in the ROOT parameter...

CVE-2005-4462

The CVE-2005-4462 entry concerns Tolva PHP website system 0.1.0, where a PHP remote file inclusion in usermods.php via the ROOT parameter allows arbitrary code execution from a URL. Documents do not provide an official fix or patched version; remediation details are not stated. If exploitable, im...