Loudblog 0.41 SQL Injection, Local file read/include
"Loudblog is a sleek and easy-to-use Content Management System (CMS) for publishing media content on the web." SQL Injection in podcast.php (magicquotes=off): http://target/loudblog/podcast.php?id=1' and '1'='0' union select...
Design/Logic Flaw
PHP remote file include vulnerability in index.php in SMartBlog (aka SMBlog) 1.2 allows remote attackers to include and execute arbitrary PHP files via (1) the pg parameter and (2) a query string without a parameter...
CVE-2006-1022
PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to include and execute arbitrary PHP code via a URL in the uye_klasor parameter, along with a misafir parameter that is set to UYE_SEVIYE...
CVE-2006-1013
PHP remote file include vulnerability in index.php in SMartBlog (aka SMBlog) 1.2 allows remote attackers to include and execute arbitrary PHP files via (1) the pg parameter and (2) a query string without a parameter...
CVE-2006-1013
CVE-2006-1013 affects SMartBlog (SMBLog) 1.2 where index.php is vulnerable to a PHP remote file include via (1) the pg parameter and (2) a parameter-less query string. The vulnerability enables an attacker to include and execute arbitrary PHP files on the server. The CVSS-derived metrics in the p...
LoudBlog 0.41 - podcast.php SQL Injection
LoudBlog 0.41 - podcast.php SQL Injection source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow...
CVE-2006-1022
CVE-2006-1022 affects PeHePe Uyelik Sistemi (PeHePe Membership Management System) version 3. The issue is a PHP remote file inclusion in sol_menu.php. An attacker can cause arbitrary PHP code execution by supplying a URL in the uye_klasor parameter, together with misafir[] set to UYE_SEVIYE. This...
LoudBlog 0.41 - 'index.php?template' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote attackers to execute arbitrary PHP...
LoudBlog 0.41 - 'podcast.php' SQL Injection
source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote attackers to execute arbitrary PHP...
LoudBlog 0.41 - 'backend_settings.php' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/17023/info Loudblog is prone to multiple input-validation vulnerabilities: - An SQL-injection vulnerability. - Two local file-include vulnerabilities. - An information-disclosure vulnerability. These issues allow remote attackers to execute arbitrary PHP...
PHORUM 3.x5.x - Common.php Remote File Inclusion
PHORUM 3.x5.x - Common.php Remote File Inclusion source: https://www.securityfocus.com/bid/16977/info The PHORUM application is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this...
Remote file inclusion
PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter...
CVE-2006-0945
PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter...
CVE-2006-0945
The CVE-2006-0945 entry concerns Archangel Weblog 0.90.02, where a PHP remote file include vulnerability exists in admin/index.php. The underlying issue is a NULL byte (%00) in the index parameter that enables remote authenticated administrators to execute arbitrary PHP code. Documents identify t...
SPiD 1.3.1 - Scan_Lang_Insert.php Local File Inclusion
SPiD 1.3.1 - Scan_Lang_Insert.php Local File Inclusion source: https://www.securityfocus.com/bid/16822/info SPiD is prone to a local file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of this issue may...
NOCC <= 1.0 Multiple Vulnerabilities
The remote host is running NOCC, an open source webmail application written in PHP. The installed version of NOCC is affected by a local file include flaw because it fails to sanitize user input to the 'lang' parameter of the 'index.php' script before using it to include other PHP files. Regardle...
CVE-2006-0878
Noah's Classifieds 1.3 allows remote attackers to obtain the installation path via a direct request to include files, as demonstrated by classifieds/gorum/category.php...
CVE-2006-0881
Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to...