Lucene search

8799 matches found

Cvelist
added 2006/02/21 11:0 p.m. | 13 views

CVE-2006-0831

PHP remote file include vulnerability in index.php in Tasarim Rehberi allows remote attackers to execute arbitrary PHP code via a URL in the (1) sayfaadi or (2) sayfa parameter. NOTE: this might be a site-specific issue. If so, it should not be included in CVE...

7.5 AI score | 0.00636 EPSS
Exploits 0 | References 1
NVD
added 2006/02/19 11:2 a.m. | 12 views

CVE-2006-0786

Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://"...

5.1 CVSS | 6.7 AI score | 0.03383 EPSS
Exploits 1 | References 4
Cvelist
added 2006/02/19 11:0 a.m. | 15 views

CVE-2006-0786

Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://"...

6.7 AI score | 0.03383 EPSS
Exploits 1 | References 4
CVE
added 2006/02/19 11:0 a.m. | 47 views

CVE-2006-0786

The CVE-2006-0786 entry concerns PHP-Kit prior to 1.6.1 Release 2, where include.php contains an incomplete blacklist vulnerability. When allow_url_fopen is enabled, an attacker can perform PHP remote file include attacks by passing a path parameter that points to a (1) UNC share or (2) ftps URL,...

5.1 CVSS | 6.7 AI score | 0.03383 EPSS
Exploits 1 | References 4 | Affected Software 1
Prion
added 2006/02/18 2:2 a.m. | 14 views

Design/Logic Flaw

DISPUTED Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6)...

5.1 CVSS | 8 AI score | 0.11232 EPSS
Exploits 1 | References 17 | Affected Software 1
CVE
added 2006/02/18 2:0 a.m. | 65 views

CVE-2006-0755

DotProject, versions ≤2.0.1, contains multiple PHP remote file inclusion vulnerabilities exploitable when register_globals is enabled. The baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, (7) tasks/gantt.php a...

5.6 CVSS | 7.8 AI score | 0.11232 EPSS
Exploits 1 | References 17 | Affected Software 1
Cvelist
added 2006/02/18 2:0 a.m. | 13 views

CVE-2006-0755

Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, a...

7.8 AI score | 0.11232 EPSS
Exploits 1 | References 17
NVD
added 2006/02/15 11:6 a.m. | 8 views

CVE-2006-0688

PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter...

7.5 CVSS | 7.6 AI score | 0.10298 EPSS
Exploits 0 | References 9
CVE
added 2006/02/15 11:0 a.m. | 40 views

CVE-2006-0688

CVE-2006-0688 describes a PHP remote file inclusion vulnerability in the NiceCoder Indexu product, affecting versions 5.0.0 and 5.0.1. The flaw arises in application.php, allowing a remote attacker to execute arbitrary PHP code by supplying a URL in the base_path parameter. The NVD entry indicate...

7.5 CVSS | 7.6 AI score | 0.10298 EPSS
Exploits 0 | References 9 | Affected Software 1
Cvelist
added 2006/02/15 11:0 a.m. | 15 views

CVE-2006-0688

PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter...

7.6 AI score | 0.10298 EPSS
Exploits 0 | References 9
Exploit DB
added 2006/02/14 12:0 a.m. | 34 views

dotProject 2.0 - '/modules/public/calendar.php?baseDir' Remote File Inclusion

source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...

7.4 AI score
Exploits 0
exploitpack
added 2006/02/14 12:0 a.m. | 16 views

dotProject 2.0 - /modules/public/date_format.php?baseDir Remote File Inclusion

source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...

7.5 AI score
Exploits 0
exploitpack
added 2006/02/14 12:0 a.m. | 17 views

dotProject 2.0 - /modules/tasks/gantt.php?baseDir Remote File Inclusion

source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker...

7.5 AI score
Exploits 0
NVD
added 2006/02/13 11:6 a.m. | 8 views

CVE-2006-0659

Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php...

6.8 CVSS | 7.6 AI score | 0.0582 EPSS
Exploits 1 | References 5
Prion
added 2006/02/13 11:6 a.m. | 26 views

Design/Logic Flaw

Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php...

6.8 CVSS | 8 AI score | 0.0582 EPSS
Exploits 1 | References 5 | Affected Software 1
CVE
added 2006/02/13 11:0 a.m. | 208 views

CVE-2006-0659

CVE-2006-0659 concerns multiple PHP remote code execution vulnerabilities in RunCMS 1.2 and earlier, arising when register_globals and allow_url_fopen are enabled. An attacker can trigger arbitrary code execution via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer...

6.8 CVSS | 7.7 AI score | 0.0582 EPSS
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2006/02/13 11:0 a.m. | 14 views

CVE-2006-0659

Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php...

7.6 AI score | 0.0582 EPSS
Exploits 1 | References 5
exploitpack
added 2006/02/11 12:0 a.m. | 12 views

LinPHA 0.9.x1.0 - forth_stage_install.php Local File Inclusion

source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'include_once' PHP function in...

7.4 AI score
Exploits 0
exploitpack
added 2006/02/10 12:0 a.m. | 16 views

Farsinews 2.1/2.5 - show_archives.php?template Traversal Arbitrary File Access

source: https://www.securityfocus.com/bid/16580/info FarsiNews is prone to directory-traversal and local file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-suppli...

0.2 AI score
Exploits 0
Exploit DB
added 2006/02/10 12:0 a.m. | 18 views

Farsinews 2.1/2.5 - 'show_archives.php?template' Traversal Arbitrary File Access

source: https://www.securityfocus.com/bid/16580/info FarsiNews is prone to directory-traversal and local file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit the directory-traversal vulnerability to...

7.4 AI score
Exploits 0