716 matches found
PT-2009-6273 · D4J +1 · Com Ezine +1
Name of the Vulnerable Software and Affected Versions: Joomla! component com ezine version 2.1 Description: A remote file inclusion issue in the class/php/d4m ajax pagenav.php file of the D4J eZine component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the...
Remote file inclusion
PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: this is only a vulnerability when the administrator does not follow...
Remote file inclusion
PHP remote file inclusion vulnerability in pages/pageHeader.php in OpenSiteAdmin 0.9.7 BETA allows remote attackers to execute arbitrary PHP code via a URL in the path parameter, a different vector than CVE-2008-0648...
CVE-2009-1288
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to...
CVE-2008-6609
Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2 allows remote attackers to inject arbitrary web script or HTML via the path parameter...
DEBIAN-CVE-2009-1148
Directory traversal vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the filepath parameter ($filename variable)...
CVE-2008-6295
Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; the path parameter to (4) folder.php; page parameter and...
PHPAuctionSystem - Multiple Remote File Inclusions
PHPAuctionSystem Multiple Remote File Inclusion Vulnerability...
CVE-2008-5792
PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue...
CVE-2008-5792
CVE-2008-5792 affects Indiscripts Enthusiast (3.1.4 and possibly earlier). The vulnerability is a PHP remote file inclusion in show_joined.php where an attacker can supply a URL in the path parameter to execute arbitrary PHP code on the server. The issue is also noted as a directory traversal con...
CVE-2008-5729
CVE-2008-5729 describes multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier. The issues allow remote attackers to inject arbitrary web script or HTML via three vectors: (1) the form and (2) the control parameters to FCKeditor/neditor.php, and (3) the path parameter...
CVE-2008-2783
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the...
CVE-2008-2769
PHP remote file inclusion vulnerability in authentication/smf/smf.functions.php in Simple Machines phpRaider 1.0.6 and 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the pConfigauthsmfpath parameter...
CVE-2008-1355
Cross-site scripting (XSS) vulnerability in index.php in Jeebles Technology Jeebles Directory 2.9.60 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informati...
CVE-2008-1273
CVE-2008-1273 concerns multiple XSS vulnerabilities in imageVue 1.7. The affected functionality is in the upload directory, with vulnerable entry points at popup.php, test/dir2.php, admin/upload.php, and dirxml.php. The underlying issue is that the path parameter is not properly sanitized, enabli...
CVE-2007-6655
PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...
CVE-2007-6657
PHP remote file inclusion vulnerability in source/includes/loadforum.php in Mihalism Multi Forum Host 3.0.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mfhrootpath parameter...
Design/Logic Flaw
showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter...
CVE-2007-6632
showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter...