56 matches found
EUVD-2009-1846
Malware in sbrugna...
Cross-site Scripting (XSS)
ptrofimov/beanstalkconsole is vulnerable to cross-site scripting. The vulnerability exists in include.php due to improper sanitizing of user inputs, which allows an attacker to insert and execute arbitrary JavaScript...
CVE-2018-16299
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter...
CVE-2018-16299
CVE-2018-16299 : WordPress Localize My Post 1.0 is vulnerable to Local File Inclusion via the ajax/include.php parameter. The vulnerability stems from insufficient validation of the file parameter, enabling an attacker to read arbitrary server files. Affected: WordPress Localize My Post 1.0 plugi...
PHPKIT WCMS 'include.php' cross-site scripting vulnerability
PHPKIT WCMS is a web-based content management system (CMS). The system provides modules such as forums and message boards. A cross-site scripting vulnerability exists in PHPKIT WCMS, which stems from the program failing to adequately filter user-submitted input. When a user browses the affected sit...
CVE-2012-5866
Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter...
SomeryC <= 0.2.4 (include.php skindir) Remote File Inclusion Vulnerability
No description provided by source. SomeryC = v0.2.4 Remote File Include Vendor: http://someryc.mostpopularcomic.com download http://someryc.mostpopularcomic.com/sC024.zip found by: Katatafish [email protected] d0rk: powered by someryc vuln-code/admin/system/include.php: if $start...
PHPKit 1.6 Include.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8960/info PHPKIT is reported to be prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of HTML from URI parameters, which will be displayed in web pages that are dynamically generated b...
GRBoard 1.8 - Multiple Remote File Inclusion Vulnerabilities
No description provided by source. GRBoard 1.8 Remote File Inclusion Vulnerability bY [email protected] / GRBoard VERSION 1.8 is bulletin board system of Korea. It is freely available for all platforms that supports PHP and MySQL. But I find Remote File Inclusion vulnerability. Here is the...
PHPKit 1.6.1 - 'mailer.php' SQL Injection
Phpkit 1.6.1 SQL Injection member.php Script: Phpkit 1.6.1 SQL Injection member.php Vulnerabilities SQL Injection Language: PHP Download: this script is for free Founder: ea$y laster Peace to -tmh- ,0qwl ,Crypter ,Dr.ChAoS...
CVE-2009-1851
The CVE-2009-1851 issue affects phpBugTracker
CVE-2008-5949
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cctbase parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php...
cctiddly-rfi.txt
/ $Id: cctiddly-1.7.4-rfi.txt,v 0.1 2008/12/04 04:12:20 cOndemned Exp $ ccTiddly 1.7.4 cctbase Multiple Remote File Inclusion Vulnerabilities found by cOndemned download from : http://tiddlywiki.org/ccTiddly/ccTiddlyv1.7.4.zip Probably prior versions are vulnerable too... Greetz: ZaBeaTy, str0ke,...
CVE-2008-5199
The CVE-2008-5199 issue affects the PHPOutsourcing IdeaBox (aka IdeBox) 1.1 and constitutes a PHP remote file inclusion vulnerability in include.php, exploitable via a URL in the gorumDir parameter. The underlying vulnerability allows an attacker to cause the remote inclusion of PHP code, which c...
Exploits communitycms-0.1 Remote File Inclusion
No description provided by source. ?php / + IN THE NAME OF GOD + + + Persian Boys Hacking Team -:- 2008 -:- IRAN + - + - discovered by N3TR00T3R at Y! dot com + - communitycms-0.1 Remote File Includion + - download :http://sourceforge.net/project/showf...roupid=223968 + - sp tnx :...
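PHP-CON Include.PHP Remote File Inclusion Vulnerability
PHP-CON is a PHP-based web application. PHP-CON does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to execute arbitrary PHP code with the privileges of the web server. The problem is that the 'Include.PHP' script does not filter the user-submitted 'webappcfgAPPPATH' parameter; specifying an arbitrary file on a remote server as the include parameter can lead to execution of arbitrary PHP code with the privileges of the web server. PHP-CON 1.3 No detailed solution is currently available: http://sourceforge.net/project/showfiles.php?groupid=182182...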
CVE-2007-6177
CVE-2007-6177 concerns a PHP remote file inclusion in Exchange/include.php of PHP_CON 1.3. The vulnerability enables an attacker to execute arbitrary PHP code by supplying a URL in the webappcfg[APPPATH] parameter. Documents consistently reference this exact vector and affected component, with no...
phpcon-rfi.txt
PHP-CON v1.3 include.php Remote File Inclusion Vulnerability Script : http://sourceforge.net/project/showfiles.php?groupid=182182 POC : /PHPCON/Exchange/include.php?webappcfgAPPPATH= Evil Code...
PHP-CON 1.3 (include.php) Remote File Inclusion Vulnerability
No description provided by source. PHP-CON v1.3 include.php Remote File Inclusion Vulnerability Script : http://sourceforge.net/project/showfiles.php?groupid=182182 POC : /PHPCON/Exchange/include.php?webappcfgAPPPATH= Evil Code...
PHP-CON 1.3 - 'include.php' Remote File Inclusion
PHP-CON 1.3 - 'include.php' Remote File Inclusion Script : http://sourceforge.net/project/showfiles.php?groupid=182182 POC : /PHPCON/Exchange/include.php?webappcfgAPPPATH= Evil Code milw0rm.com 2007-11-28...