LoudBlog 0.41 - 'backend_settings.php' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote attackers to execute arbitrary PHP...
LoudBlog 0.41 - 'index.php?template' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote attackers to execute arbitrary PHP...
CVE-2006-1022
PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik Sistemi aka PeHePe MemberShip Management System 3 allows remote attackers to include and execute arbitrary PHP code via a URL in the uye_klasor parameter, along with a misafir parameter that is set to UYE_SEVIYE...
CVE-2006-1013
PHP remote file include vulnerability in index.php in SMartBlog aka SMBlog 1.2 allows remote attackers to include and execute arbitrary PHP files via (1) the pg parameter and (2) a query string without a parameter...
LoudBlog 0.41 - 'podcast.php' SQL Injection
source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote attackers to execute arbitrary PHP...
CVE-2006-1013
CVE-2006-1013 affects SMartBlog (SMBLog) 1.2 where index.php is vulnerable to a PHP remote file include via (1) the pg parameter and (2) a parameter-less query string. The vulnerability enables an attacker to include and execute arbitrary PHP files on the server. The CVSS-derived metrics in the p...
CVE-2006-1022
CVE-2006-1022 affects PeHePe Uyelik Sistemi (PeHePe Membership Management System) version 3. The issue is a PHP remote file inclusion in sol_menu.php. An attacker can cause arbitrary PHP code execution by supplying a URL in the uye_klasor parameter, together with misafir[] set to UYE_SEVIYE. This...
PHORUM 3.x5.x - Common.php Remote File Inclusion
PHORUM 3.x5.x - Common.php Remote File Inclusion source: https://www.securityfocus.com/bid/16977/info The PHORUM application is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this...
Remote file inclusion
PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter...
CVE-2006-0945
PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter...
CVE-2006-0945
The CVE-2006-0945 entry concerns Archangel Weblog 0.90.02, where a PHP remote file include vulnerability exists in admin/index.php. The underlying issue is a NULL byte (%00) in the index parameter that enables remote authenticated administrators to execute arbitrary PHP code. Documents identify t...
SPiD 1.3.1 - Scan_Lang_Insert.php Local File Inclusion
SPiD 1.3.1 - Scan_Lang_Insert.php Local File Inclusion source: https://www.securityfocus.com/bid/16822/info SPiD is prone to a local file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of this issue may...
NOCC <= 1.0 Multiple Vulnerabilities
The remote host is running NOCC, an open source webmail application written in PHP. The installed version of NOCC is affected by a local file include flaw because it fails to sanitize user input to the 'lang' parameter of the 'index.php' script before using it to include other PHP files. Regardle...
CVE-2006-0878
Noah's Classifieds 1.3 allows remote attackers to obtain the installation path via a direct request to include files, as demonstrated by classifieds/gorum/category.php...
CVE-2006-0881
Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to...
CVE-2006-0881
CVE-2006-0881 concerns Noah’s Classifieds 1.3, where the PHP file gorum/gorumlib.php is vulnerable to remote file inclusion when PHP register_globals is enabled. The vulnerability enables an attacker to compel the application to include arbitrary PHP files by manipulating the upperTemplate or low...
Noah's Classifieds <= 1.3 Multiple Vulnerabilities
The remote host is running Noah's Classifieds, a classified ads application written in PHP. The installed version of Noah's Classifieds is reportedly affected by numerous remote and local file include, SQL injection, cross-site scripting, and information disclosure issues due to a general failure...
CVE-2006-0831
PHP remote file include vulnerability in index.php in Tasarim Rehberi allows remote attackers to execute arbitrary PHP code via a URL in the (1) sayfaadi or (2) sayfa parameter. NOTE: this might be a site-specific issue. If so, it should not be included in CVE...
CVE-2006-0831
The CVE-2006-0831 entry describes a PHP remote file include vulnerability in index.php of Tasarim Rehberi, allowing remote code execution via a URL supplied in the sayfaadi or sayfa parameters. The vulnerability stems from including user-controllable URLs, enabling arbitrary PHP execution if an a...