722 matches found
phpMyWebmin 1.0 (window.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications. phpMyWebmin 1.0 window.php Remote File Include Vulnerability. +PHP MyWebMin 1.0 Remote File Include +Advisory 5...
Back-end => 0.4.5 Remote File Include Vulnerabilities
Back-end = 0.4.5 Remote File Include Vulnerabilities Script.............. :Back-end Discovered By.... : Root3rH3ll Location .......... : Iran Class.............. : Remote Original Advisory : http://Www.PersainFox.com We ArE : Root3rH3LL & Arash.Rj Spical TNX Irania Hackers : Aria-Security , Crouz...
pNews 1.1.0 - nbs Remote File Inclusion
pNews 1.1.0 - nbs Remote File Inclusion PowerNews v1.1.0 nbs Remote File Inclusion Affected Software .: PowerNews v1.1.0 Download..: http://sourceforge.net/project/showfiles.php?groupid=35550 Class .............: Remote File Inclusion Risk ..............: high Found by ..........: CvIr.System...
CVE-2006-4780
PHP remote file inclusion vulnerability in includes/functions.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...
TeamCal Pro <= 2.8.001 (app_root) Remote file Include Vulnerability
No description provided by source. Author:PSYCH@ [email protected] TeamCal Pro 2.8.001 approot Remote file inclusion Vulnerabilities Demo: www.lewe.com/tcpro/ Code: include $tcconfig'approot'."includes/footer.html.inc.php" ; Exploit...
AzzCoder => phpBB XS 0.58 Remote File Include
An important vulnerability in functions.php will allow a malicious user to insert a remote file. The Vulnerable Code: include_once $phpbb_root_path . './includes/functionscategorieshierarchy.' . $phpEx ; The phpbb_root_path isn't initialized and PHPBBIN isn't checked...
phpBB XS 0.58 - functions.php Remote File Inclusion
phpBB XS 0.58 - functions.php Remote File Inclusion Author: AzzCoder Vendor: http://www.phpbbxs.eu/ Vulnerable File: includes/functions.php Vulnerable Code: //The phpbb_root_path isn't initialized include_once $phpbb_root_path . './includes/functionscategorieshierarchy.' . $phpEx ; Method To Use:...
CVE-2006-4448
Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIGBASEPATH parameter in (a) admin/autoprompter.php and (b) includes/common.inc.php, and the (2) CONFIGLANGUAGECPATH parameter ...
CVE-2006-4425
Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the CCFGPKGPATHINCL parameter in coinincludes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom.php, (5) db.php, (6) redirect.php or (7) sessionset.php. NOTE: the...
VisNetic Mail Server 8.3.5 - Multiple File Inclusions
VisNetic Mail Server 8.3.5 - Multiple File Inclusions source: https://www.securityfocus.com/bid/19002/info VisNetic Mail Server is prone to multiple local file-include vulnerabilities and a remote file includes vulnerability. These issues are due to a failure in the application to properly saniti...
PHP Blue Dragon CMS 2.9.1 - 'template.php' File Inclusion
Advisory id: FSA:015 Author: Federico Fazzi Date: 14/06/2006, 18:20 Sinthesis: PhpBlueDragon CMS 2.9.1, File inclusion vulnerability Type: high Product: http://phpbluedragon.net/ Patch: unavailable...
Remote file inclusion
PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASEpath parameter to (1) baseqrycommon.php, (2) basestatcommon.php, and (3)...
Remote file inclusion
PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALSAAINCPATH parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9)...
WebCalendar-1.0.3 reading of any files
Version: WebCalendar-1.0.3 Type: Reading of any files Description: ----------------------------- includes/config.php: line 64 if ! empty $includedir $fd = @fopen "$includedir/settings.php", "rb", true ; ...... while ! feof $fd $data .= fgets $fd, 4096 ; $configLines = explode "n", $data ; for $n ...
APC ActionApps CMS 2.8.1 Remote File Include Vulnerabilities
No description provided by source. DEVIL TEAM THE BEST POLISH TEAM APC ActionApps CMS 2.8.1 - Remote File Include Vulnerabilities Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl site:...
PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities
!/usr/bin/php -q -d shortopentag=on ? echo "PHPFusion = v6.00.306 avatar modmime arbitrary file upload &rn"; echo "local inclusion vulnerabilitiesrn"; echo "by rgod [email protected]"; echo "site: http://retrogod.altervista.orgrnrn"; if $argc6 echo "Usage: php ".$argv0." host path user pass cm...
Invision Power Board 2.x.x < 04-25-06 Multiple Vulnerabilities
The installation of Invision Power Board on the remote host fails to sanitize input to the 'ck' parameter of the 'index.php' script before using it in database queries. An unauthenticated attacker may be able to leverage this issue to disclose sensitive information, modify data, or launch attacks...
Sql injection
SQL injection vulnerability in portfoliophotopopup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the countclick function in includes/functions/fnsstd.php. NOTE: this issue could...
CVE-2006-2080
SQL injection vulnerability in portfoliophotopopup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the countclick function in includes/functions/fnsstd.php. NOTE: this issue could...
Sql injection
SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter...