Directory traversal

Directory traversal vulnerability in index.php in the RSfiles component comrsfiles 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the path parameter in a files.display action...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in Kai Blankenhorn Bitfolge simple and nice index file aka snif 1.5.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 path and 2 download parameters...

Cross site scripting

Cross-site scripting XSS vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter...

CVE-2007-3056

Cross-site scripting XSS vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter...

CVE-2007-3056

Cross-site scripting XSS vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter...

CVE-2007-3056

Cross-site scripting XSS vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the 1 path parameter to view/search/; or the 2 companyname, 3 country, 4 email, 5 firstname, 6 middlename, 7 required, 8 surname, or 9 title parameter to...

CVE-2007-2663

PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the pathlocal parameter to 1 ftp.php, 2 libs/db.php, and 3 libs/ftp.php...

PT-2007-3782 · Pixaria · Pixaria Gallery

Name of the Vulnerable Software and Affected Versions: Pixaria Gallery versions prior to 1.4.3 Description: The issue allows remote attackers to execute arbitrary PHP code. This is achieved via a URL in the cfgsysbase path parameter to scripts such as psg.smarty.lib.php and certain include and...

CVE-2007-2329

PHP remote file inclusion vulnerability in searchbot.php in Searchactivity allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 allow remote attackers to execute arbitrary PHP code via a URL in 1 the path parameter to library/adodb/adodb.inc.php, 2 the abspatheditor parameter to library/editor/editor.php, or 3 the cfgfiletoload parameter to...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board GPB unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to 1 db.mysql.inc.php or 2 gpb.inc.php in include/, or the 3 theme parameter to themes/ubb/login.php...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter to comarticles.php in 1 components/ or 2 classes/html/...

PT-2007-3439 · Openconcept · Openconcept Back-End Cms

Name of the Vulnerable Software and Affected Versions: OpenConcept Back-End CMS version 0.4.7 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the includes path parameter to various PHP files, including "click.php" and "pollcollector.php" in the htdocs...

CVE-2007-2049

Multiple PHP remote file inclusion vulnerabilities in the Calendar Module comcalendar 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter to 1 comcalendar.php or 2 modcalendar.php...

CVE-2007-1987

Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the 1 pluginfile parameter to smarty/internals/core.loadpulgins.php or the 2 rootpath parameter to index.php. NOTE: CVE disputes 1 because the inclusion occurs...

CVE-2006-7115

SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php...

CVE-2006-7130

PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter, a different vector than CVE-2006-6770...

PT-2007-1294 · Jobline · Jobline

Name of the Vulnerable Software and Affected Versions: Jobline version 1.1.1 Description: A remote file inclusion issue exists, allowing remote attackers to execute arbitrary code via a URL in the mosConfig absolute path parameter in the admin.jobline.php script. Recommendations: For Jobline...