
151 matches found

Exploit DB
added 2007/04/23 12:0 a.m., 26 views

Post REvolution 0.7.0 RC 2 - 'dir' Remote File Inclusion

Post Revolution Remote File Inclusion. Affected Software: Post Revolution 6.6 / 7.0 Release Candidate 2. Download: http://www.fabio.com.ar/postrev/ Risk: high. Date: 25/3/2007. Found by: InyeXion. Contact: InyeXionatgmail.com. Web: ...

7.4 AI score
Exploits 0
CVE
added 2007/02/07 11:0 a.m., 47 views

CVE-2007-0807

CVE-2007-0807 affects flashChat 4.7.8. Vulnerability: cross-site scripting (XSS) in info.php where the channel title (room name) is not properly handled by the “who’s online” feature, allowing remote attackers to inject arbitrary web script or HTML. The description and linked sources confirm the ...

6.8 CVSS, 5.5 AI score, 0.01631 EPSS
Exploits 0, References 6, Affected Software 1
exploitpack
added 2006/12/22 12:0 a.m., 15 views

EternalMart Guestbook 1.10 - adminauth.php Remote File Inclusion

EternalMart Guestbook 1.1.0 emgbadminpath Remote File Include. Class: Remote File Include Vulnerability. Author: mdx. Files: admin/auth.php? Code: include"$emgbadminpath/authfunc.php"; Download link: ...

0.2 AI score
Exploits 0
UbuntuCve
added 2005/11/17 11:2 a.m., 23 views

CVE-2005-3648

Multiple SQL injection vulnerabilities in the getrecord function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php...

7.5 CVSS, 6.2 AI score, 0.01452 EPSS
Exploits 1, References 1
NVD
added 2005/11/17 11:2 a.m., 11 views

CVE-2005-3648

Multiple SQL injection vulnerabilities in the getrecord function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php...

7.5 CVSS, 8.5 AI score, 0.01452 EPSS
Exploits 1, References 8
Cvelist
added 2005/11/17 11:0 a.m., 21 views

CVE-2005-3648

Multiple SQL injection vulnerabilities in the getrecord function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php...

8.5 AI score, 0.01452 EPSS
Exploits 1, References 8
securityvulns
added 2005/10/16 12:0 a.m., 55 views

[Full-disclosure] xss in php koala script v1.2

xss /info.php?user=xss and an upload vulnerability if you upload a file named file.gif.php /upload/file.gif.php?cmd=ls file.gif.php is attached...

1.1 AI score
Exploits 0
CVE
added 2005/05/10 4:0 a.m., 41 views

CVE-2003-1181

Advanced Poll 2.0.2 (PHP-based poll system) is affected. The vulnerability stems from info.php calling phpinfo(), allowing remote attackers to disclose sensitive information about the host PHP configuration. Exploitation is remote information disclosure; no patch/version remediation details are p...

5 CVSS, 6.2 AI score, 0.0754 EPSS
Exploits 1, References 6, Affected Software 1
NVD
added 2005/05/02 4:0 a.m., 7 views

CVE-2005-1169

Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php...

7.5 CVSS, 7.6 AI score, 0.00717 EPSS
Exploits 0, References 3
CVE
added 2005/04/18 4:0 a.m., 38 views

CVE-2005-1169

CVE-2005-1169 affects the Mafia Blog .4 BETA package, where the admin directory is not properly protected. This allows remote attackers to execute arbitrary PHP code by abusing writeinfo.php to inject code into info.php. The flaw enables arbitrary code execution with no authentication required an...

7.5 CVSS, 8 AI score, 0.00717 EPSS
Exploits 0, References 3, Affected Software 1
securityvulns
added 2003/03/31 12:0 a.m., 26 views

PHP List

Product: PHP List. Version: 1.1.1b. WebSite: http://phplist.kipu.co.uk Problem: phpinfo. Description: info.php: ? echo phpinfo ? Exploit: http://somehost/list/info.php...

0.2 AI score
Exploits 0