PT-2006-3958 · Phorum · Phorum

Name of the Vulnerable Software and Affected Versions: Phorum versions 5.1.13 and earlier Description: A remote file inclusion issue in common.php allows remote attackers to execute arbitrary PHP code via a URL in the PHORUMhttp path parameter. However, the vendor disputes this issue, stating tha...

CVE-2006-2982

Multiple PHP remote file inclusion vulnerabilities in Enterprise Timesheet and Payroll Systems EPS 1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in 1 footer.php and 2 admin/footer.php...

CVE-2006-2983

PHP remote file inclusion vulnerability in Enterprise Timesheet and Payroll Systems EPS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in cal.php. NOTE: the provenance of this information is unknown; the details are obtained solely fr...

Remote file inclusion

PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to 1 inc/logincheck.inc.php, 2 inc/adminheader.inc.php, 3 inc/global.php, or 4 inc/mainheader.inc.php. NOTE: some of these vectors were also...

PT-2006-3777 · Mybloggie · Mybloggie

Name of the Vulnerable Software and Affected Versions: MyBloggie versions 2.1.1 and earlier Description: A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the mybloggie root path parameter to admin.php. The issue's validity has been disputed, with so...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this issue might be resultant from the directory traversal vulnerability...

CVE-2006-2210

Cross-site scripting XSS vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this issue might be resultant from the directory traversal vulnerability...

Remote file inclusion

PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to 1 show.php or 2 top.php...

Directory traversal

Directory traversal vulnerability in index.php in Blank'N'Berg 0.2 allows remote attackers to read arbitrary files via a .. dot dot in the path parameter...

CVE-2005-2616

Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to 1 initialize.php, 2 customize.php, 3 form.php, or 4 index.php...

[EXPL] ezUpload path Parameter Command Execution (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

CVE-2005-2179

PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter...

CVE-2005-2179

PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter...

DEBIAN-CVE-2005-1526

PHP remote file inclusion vulnerability in configsettings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the configincludepath parameter...

CVE-2004-1543

Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. dot dot in the path parameter...

CVE-2004-1543

Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. dot dot in the path parameter...