CVE-2018-25231 HeidiSQL 9.5.0.5196 Denial of Service via Preferences
HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can input a buffer-overflow payload through the SQL log file path field in Preferences Logging to...
PT-2023-25723 · Livelyworks · Livelyworks Articart
Name of the Vulnerable Software and Affected Versions: LivelyWorks Articart version 2.0.1. Description: A problematic issue was found in the Base64 Encoding Handler component, specifically affecting some unknown functionality of the file /change-language/de_DE. The manipulation of the redirectTo...
InnoGames: Cache Poisoning via uppercase letters in invalid path
Summary of the issue: A cache poisoning vulnerability appears in the request to innogames.com. The issue arises when the language path parameter from the URL gets processed on the backend to become lowercase. Then, if a path provided in X-Forwarded-Host does not exist on the server, a 301 response is...
AROUNDMe <= 1.1 (language_path) Remote File Include Exploit
No description provided by source. Discovered by cr4wl3r \ Indonesian Hacker. 3rr0r: ./aroundme11/aroundme/components/core/connect.php line 25: <?php include_once $language_path . 'connect.lang.php'; ?> PoC: http://server/path/components/core/connect.php?language_path=Shell Contact Me :...
CVE-2008-5186
The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only...
PT-2008-6329 · Nigel Mcnie · Geshi
Name of the Vulnerable Software and Affected Versions: Generic Syntax Highlighter (GeSHi) versions prior to 1.0.8.1. Description: The set_language_path function in geshi.php might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path $pa...
CVE-2007-2663
PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter...
CVE-2007-1985
Multiple PHP remote file inclusion vulnerabilities in phpexplorator.php in phpexplorator 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd or (2) langpath parameter...
AROUNDMe 0.7.7 Multiple Remote File Inclusion Vulnerabilities
No description provided by source. AROUNDMe 077 Found by kezzap66345 Script Download:http://download.savannah.gnu.org/releases/aroundme/aroundme077.tar.gz ERROR1: File:\components\core\inc\coreprofile.header.php includeonce$languagepathcore . 'inc/mecommon.inc.php'; rfi coded RFI1:...
wps1-rfi.txt
Wap Portal Serve 1. = Remote File Inclusion. Affected Software: Wap Portal Server. Vendor: http://www.sakic.net. Class: ...
miniCWB <= 1.0.0 (contact.php) Local File Include Exploit
No description provided by source.
PT-2006-6422 · Atutor · Atutor
Name of the Vulnerable Software and Affected Versions: ATutor version 1.5.3.2. Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via several parameters in different PHP files, including the section parameter in "documentation/common/frame_toc.php" a...