8799 matches found
CVE-2006-0064
PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter...
Plogger exploit method! - Vulnerability warning-the black bar safety net
http://www.hackeroo.com/ Plogger is a PHP-based web diary program. Plogger does not filter user-submitted URI data; exploiting the vulnerability allows arbitrary commands to be executed with WEB permissions. The vulnerability is in the 'plog-admin-functions.php' script, where the user-submitted 'config[basedir]' parameter is no...
CVE-2005-2463
Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message...
CVE-2005-4748
PHP remote file include vulnerability in functions_admin.php in Virtual War (VWar) 1.5.0 R10 allows remote attackers to include and execute arbitrary PHP code via unspecified attack vectors. NOTE: this issue has been referred to as XSS, but it is clear from the vendor description that it is a file...
CVE-2005-4573
Plogger (Beta 2) is affected by CVE-2005-4573 via plog-admin-functions.php where unsanitized input in config[basedir] is used in a PHP require_once, enabling remote file inclusion and potential arbitrary code execution if register_globals is enabled. Affected component: admin/plog-admin-functions...
CVE-2005-4573
PHP remote file include vulnerability in plog-admin-functions.php in Plogger Beta 2 allows remote attackers to execute arbitrary code via a URL in the config[basedir] parameter...
OABoard 1.0 Forum - Remote File Inclusion
OABoard 1.0 Forum - Remote File Inclusion source: https://www.securityfocus.com/bid/16105/info The oaBoard application is prone to a remote file-include vulnerability. As a result, remote users may specify external PHP scripts to be included by the application. This could result in the execution ...
CVE-2005-4556
PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2)...
CVE-2005-4556
CVE-2005-4556 affects IceWarp Web Mail 5.5.1 (used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). When register_globals is on, remote attackers can exploit PHP remote file include via the lang_settings and language parameters in accounts/inc/include.php and admin/inc/include...
CVE-2005-4462
PHP remote file include vulnerability in usermods.php in Tolva PHP website system 0.1.0 allows remote attackers to execute arbitrary code via a URL in the ROOT parameter...
CVE-2005-4462
The CVE-2005-4462 entry concerns Tolva PHP website system 0.1.0, where a PHP remote file inclusion in usermods.php via the ROOT parameter allows arbitrary code execution from a URL. Documents do not provide an official fix or patched version; remediation details are not stated. If exploitable, im...
Tolva PHP website system Remote File Include
Script: Tolva PHP website system Version: 0.1.0 Language: PHP Official Website: http://sourceforge.net/projects/twebs Problem: Remote File Include Discovered by: beford Description: ============ A complete collection of php scripts that work tightly together to create a highly customizable, dynam...
CVE-2005-4287
PHP remote file include vulnerability in MarmaraWeb E-commerce allows remote attackers to execute arbitrary code via the page parameter to index.php...
CVE-2005-4287
CVE-2005-4287 affects MarmaraWeb E-commerce. The vulnerability is a PHP remote file include in index.php via the page parameter, enabling remote code execution. The issue stems from insufficient validation of the included file path, leading to arbitrary code execution with the web server. Connect...
EZDatabase 2.1.2 - 'index.php?db_id' SQL Injection
source: https://www.securityfocus.com/bid/15908/info ezDatabase is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. ezDatabase is prone to an SQL injection vulnerability and a local file include...
Limbo CMS 1.0.4.2 - option Traversal Arbitrary File Access
Limbo CMS 1.0.4.2 - option Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/15871/info Limbo CMS is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out cross-site scripting, SQL injection, and local file include attacks. Limbo...
Limbo CMS 1.0.4.2 - 'option' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/15871/info Limbo CMS is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out cross-site scripting, SQL injection, and local file include attacks. Limbo CMS versions 1.0.4.2 and prior are affected by these...
Limbo CMS 1.0.4.2 - index.php?_SERVER[REMOTE_ADDR] Cross-Site Scripting
Limbo CMS 1.0.4.2 - index.php?_SERVER[REMOTE_ADDR] Cross-Site Scripting source: https://www.securityfocus.com/bid/15871/info Limbo CMS is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out cross-site scripting, SQL injection, and local file include...