CVE-2006-1387

CVE-2006-1387 affects TWiki 4.0, 4.0.1, and 20010901 through 20040904. The vulnerability allows remote authenticated users with edit rights to cause a denial of service via INCLUDE by URL statements that form a loop (e.g., a page including itself), triggering infinite recursion and consuming CPU ...

Help Center Live module.php local file include flaw

The remote web server contains a PHP script that is affected by a local file file include vulnerability. Description : The remote host is running Help Center Live, a help desk tool written in PHP. The remote version of Help Center Live fails to sanitize input to the SPDX-FileCopyrightText: 2005...

CuteNews <= 1.4.1 (function.php) Local File Include Exploit

No description provided by source. ?php // Happy NEW Iranian year . // Happy Norouz PERSIAN celebration // CuteNews 1.4.1 CutePHP.com Hash password Finder // by Hamid Ebadi // http://hamid.ir // Bug Discovered and Exploited by Hamid Ebadi .: Hamid Network Security Team :. // run it from your...

VihorDesign - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17227/info VihorDesign is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious...

CVE-2006-1350

The CVE-2006-1350 entry is supported by multiple connected sources detailing a remote file include (RFI) flaw in Free Articles Directory (a PHP CMS). The vulnerability occurs because index.php fails to sanitize the page parameter, allowing an unauthenticated attacker to include and execute arbitr...

CVE-2006-1350

PHP remote file include vulnerability in index.php in 99Articles.com aka ArticlesOne.com Free articles directory allows remote attackers to include and execute arbitrary PHP code via a URL in the page parameter...

CVE-2006-1294

PHP remote file include vulnerability in PageController.php in KnowledgebasePublisher 1.2 allows remote attackers to include and execute arbitrary PHP code via a URL in the dir parameter...

CVE-2006-1294

PHP remote file include vulnerability in PageController.php in KnowledgebasePublisher 1.2 allows remote attackers to include and execute arbitrary PHP code via a URL in the dir parameter...

CVE-2006-1294

CVE-2006-1294 describes a PHP remote file inclusion in KnowledgebasePublisher 1.2, where the dir parameter in PageController.php can be supplied by an attacker to include and execute arbitrary PHP code. The query/condition relies on unsafely handling a URL input, enabling remote code execution wi...

Code injection

Direct static code injection vulnerability in addlink.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the urlname parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement...

Remote file inclusion

PHP remote file include vulnerability in common.php in txtForum 1.0.4-dev and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the skin parameter to login.php, and possibly other parameters to other PHP scripts, related to include statements in common.php...

CVE-2006-1203

PHP remote file include vulnerability in common.php in txtForum 1.0.4-dev and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the skin parameter to login.php, and possibly other parameters to other PHP scripts, related to include statements in common.php...

CVE-2006-1200

Direct static code injection vulnerability in addlink.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the urlname parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement...

CVE-2006-1212

Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which...

CVE-2006-1203

The CVE-2006-1203 entry concerns a PHP remote file include vulnerability in txtForum 1.0.4-dev and earlier. The issue allows an attacker to cause arbitrary PHP code execution via a URL passed to the skin parameter of login.php (and possibly other parameters) due to include statements in common.ph...

CVE-2006-1203

PHP remote file include vulnerability in common.php in txtForum 1.0.4-dev and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the skin parameter to login.php, and possibly other parameters to other PHP scripts, related to include statements in common.php...

Design/Logic Flaw

PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2006-1099

PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2006-1099

CVE-2006-1099 describes a PHP remote file inclusion vulnerability in logIT versions 1.3 and 1.4. An attacker can trigger arbitrary PHP code execution by supplying a crafted value for the pg parameter in a URL. Multiple sources (NVD, Red Hat, CVE records) corroborate the issue, with the note that ...

txtForum: Script Injection Vulnerability

=========================================================== txtForum: Script Injection Vulnerability =========================================================== Technical University of Vienna Security Advisory TUVSA-0603-004, March 9, 2006 =========================================================...