CVE-2006-7047

include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. NOTE: this issue was originally reported as remote file inclusion, but CVE analysis suggests that this cannot be used for code...

Meganoide's news v1.1.1 < = RFi Vulnerabilities

Meganoide's news v1.1.1 = RFi Vulnerabilities Download : http://www.spacemarc.it/scriptphp/index.php?script=meganoidesnews111 Script Name : Meganoide's news v1.1.1 Coded By : KaRTaL Contact : k4rtalatgmaildotcom V.Code in : path/include.php include"$SERVERDOCUMENTROOT/news/config.inc.php"; Exploi...

Comdev Newsletter 3.1 :) <= Remote File Inclusion

+-------------------------------------------------------------------- + + Comdev Newsletter 3.1 : = Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: Comdev Newsletter 3.1 + Venedor ...........: http://www.comdevweb.com + Class...

CVE-2006-3144

The CVE-2006-3144 entry concerns a PHP remote file inclusion in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) and earlier. The vulnerability allows an attacker to execute arbitrary PHP code by supplying a URL in the microcms_path parameter; later reports note it can also be used to include an...

Sql injection

SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to execute arbitrary SQL commands via the contentid parameter, possibly involving content/news.php...

CVE-2006-1507

Cross-site scripting XSS vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php...

Cross site scripting

Cross-site scripting XSS vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php...

CVE-2006-1507

Cross-site scripting XSS vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php...

CVE-2006-0882

CVE-2006-0882 governs a directory traversal vulnerability in Noah’s Classifieds 1.3, where an attacker can cause index.php to include arbitrary local files via the otherTemplate parameter in include.php. This confirms a remote access impact through file inclusion. The available documents identify...

phpkit_161r2_incl_xpl.txt

---------- PHPKit = v.1.6.1 release 2 remote code execution ------------------- software: site: www.phpkit.de description: a Content Management / homepage / community building software written in PHP language --------------------------------------------------------------------------------...

CVE-2006-0785

Absolute path traversal vulnerability in include.php of PHPKIT

CVE-2003-1187

CVE-2003-1187 is a documented XSS vulnerability in PHPKIT, affecting versions 1.6.02 and 1.6.03. The issue resides in include.php where the contact_email parameter can be used by remote attackers to inject arbitrary script or HTML. The known impact is cross-site scripting, enabling credential-ste...

CVE-2005-0413

Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via 1 the fid in forum.php, 2 the member parameter in member.php, 3 the email parameter in forgot.php, or 4 the nbuser or nbpass parameters in include.php. NOTE: it was later reporte...

PHPKit 1.6 - Include.php Cross-Site Scripting

PHPKit 1.6 - Include.php Cross-Site Scripting source: https://www.securityfocus.com/bid/8960/info PHPKIT is reported to be prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of HTML from URI parameters, which will be displayed in web pages that are dynamically...

PHPKit 1.6 - 'Include.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/8960/info PHPKIT is reported to be prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of HTML from URI parameters, which will be displayed in web pages that are dynamically generated by the software. The issue exists i...

Zorum Portal (PHP)

Version : 3.0;3.1;3.2 Website : http://zorum.phpoutsourcing.com/ Problem : Include file File: --------------------------------- include.php --------------------------------- PHP Code: --------------------------------- ... include"$gorumDir/generformlibmultipleselection.php";...