PT-2007-1732 · Naig · Naig
Name of the Vulnerable Software and Affected Versions: Naig versions 0.5.2 and earlier Description: A remote file inclusion issue in index.php allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. However, a reliable third party disputes this issue, stating...
CVE-2006-6232
CVE-2006-6232 describes a PHP remote file inclusion vulnerability in DreamAccount 3.1, affecting admin/index.php via a URL in the path parameter. The underlying issue is a RFI in the path handling, allowing an attacker to execute arbitrary PHP code on the server. Documented impact is partial conf...
PT-2006-6801 · Active Php · Active Php Bookmarks
Name of the Vulnerable Software and Affected Versions: Active PHP Bookmarks version 1.1.02 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS['apb_path'] parameter in (1) apb_common.php or (2) apb.php. However, it is noted that the PHP scripts exi...
PT-2006-6481 · Unknown · Advanced Guestbook
Name of the Vulnerable Software and Affected Versions: Advanced Guestbook version 2.3.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in the admin.php file. Recommendations: For Advanced Guestbook version 2.3.1, consider...
PT-2006-6422 · Atutor · Atutor
Name of the Vulnerable Software and Affected Versions: ATutor version 1.5.3.2 Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via several parameters in different PHP files, including the section parameter in "documentation/common/frame_toc.php" a...
CVE-2006-5543
PHP remote file inclusion vulnerability in misc/function.php3 in PHP Generator of Object SQL Database (PGOSD), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...
MCGalleryPRO random2.php Remote File Inclusion Vulnerability
mcGalleryPRO is an image collection management program. The random2.php file in mcGalleryPRO does not properly filter input to the path_to_folder parameter, allowing attackers to execute PHP code by including arbitrary files from local or external resources. The vulnerable code in random2.php is as follows: if (!empty($_SERVER)) extract($_SERVER, EXTR_OVERWRITE); if (!empty($_GET)) extract($_GET, EXTR_OVERWRITE); if (!empty($_POST)) extract($_POST, EXTR_OVERWRITE); if (!empty($_COOKIE)) extract($_COOKIE,...
PT-2006-6178 · Hinton Design · Phpht Topsites
Name of the Vulnerable Software and Affected Versions: Hinton Design phpht Topsites (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter to certain scripts, including (1) 'index.php', (2) other scripts ...
PT-2006-6154 · Phpbb · Phpbb
Name of the Vulnerable Software and Affected Versions: phpBB versions 2.0.10 and earlier Description: A remote file inclusion issue allows attackers to execute arbitrary PHP code. This is achieved by providing a URL in the phpbb_root_path parameter. Recommendations: For versions 2.0.10 and earlie...
PT-2006-5967 · Isearch · Isearch
Name of the Vulnerable Software and Affected Versions: iSearch version 2.16 Description: The issue concerns remote file inclusion vulnerabilities that could allow remote attackers to execute arbitrary PHP code. This is achieved by providing a URL in the isearch_path parameter within various PHP...
PT-2006-5832 · Phpbb Xs · Phpbb Xs
PHP remote file inclusion vulnerability in includes/functions_kb.php in the phpBB XS 2 Spain version allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780 or CVE-2006-4893...
PT-2006-5618 · All Enthusiast · Reviewpost
Name of the Vulnerable Software and Affected Versions: All Enthusiast ReviewPost version 2.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the RP_PATH parameter in the index.php file. Recommendations: For All Enthusiast ReviewPost version 2.5, consider...
CVE-2006-4629
PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...
PT-2006-5058 · Mambo Joomla · Jim
Name of the Vulnerable Software and Affected Versions: JIM component for Joomla or Mambo version 1.0.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in the install.jim.php file. Recommendations: For version 1.0.1,...
CVE-2006-3935
system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers...
PT-2006-4558 · Enduser · Listmessenger
Name of the Vulnerable Software and Affected Versions: ListMessenger version 0.9.3 Description: A remote file inclusion issue in enduser/listmessenger.php allows remote attackers to execute arbitrary PHP code via a URL in the lm_path parameter. However, the vendor has disputed this issue, stating...
CVE-2006-3180
Cross-site scripting (XSS) vulnerability in ftpindex.php in Confixx Pro 3.0 allows remote attackers to inject arbitrary web script or HTML via the path parameter...
PT-2006-4031 · Nucleus · Nucleus
Name of the Vulnerable Software and Affected Versions: Nucleus version 3.23 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL using the DIR_LIBS parameter in various files, including path/action.php, media.php, /xmlrpc/server.php, and /xmlrpc/api...
PT-2006-3958 · Phorum · Phorum
Name of the Vulnerable Software and Affected Versions: Phorum versions 5.1.13 and earlier Description: A remote file inclusion issue in common.php allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. However, the vendor disputes this issue, stating tha...