1983 matches found
e107 download.php extract() Function Variable Overwrite
The version of e107 installed on the remote host contains an unsafe call to 'extract' in the 'download.php' script. An unauthenticated, remote attacker can leverage this issue to overwrite arbitrary PHP variables, leading to arbitrary PHP code execution, SQL injection, as well as other sorts of...
e107 < 0.7.11 - Arbitrary Variable Overwriting
GulfTech Security Research August 07, 2008 Vendor : Steve Dunstan URL : http://www.e107.org/ Version : e107 = 0.7.11 Risk : Arbitrary Variable Overwriting Description: e107 is a popular full featured content management system written in php. Unfortunately e107 suffers from an arbitrary variable...
Flip 3.0 - 'config.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/30312/info Flip is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow the...
fuzzylime (cms) comssrss.php files[] Parameter Traversal Local File Inclusion
The remote host is running fuzzylime cms, a PHP-based content management system. The version of fuzzylime cms installed on the remote host fails to sanitize user-supplied input to the 'files' parameter of the 'commsrss.php' script before using it to include PHP code. Regardless of PHP's...
OpenPro 1.3.1 - search_wA.php Remote File Inclusion
OpenPro 1.3.1 - searchwA.php Remote File Inclusion source: https://www.securityfocus.com/bid/30264/info OpenPro is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the...
CVE-2008-3184
Multiple cross-site scripting XSS vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO PHPSELF or 2 the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE:...
CVE-2008-3184
Multiple cross-site scripting XSS vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO PHPSELF or 2 the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE:...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 allow remote attackers to execute arbitrary PHP code via a URL in the includeconnection parameter to 1 edittopfeature.php and 2 edittopicsfeature.php in phpi/...
CVE-2008-2885
PHP remote file inclusion vulnerability in src/browser/resource/categories/resourcecategoriesview.php in Open Digital Assets Repository System ODARS 1.0.2, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CLASSESROOT parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroomjmdir parameter. NOTE: some of these details are obtained from third party information...
CVE-2008-2296
PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in Rgboard 3.0.12 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter...
[ GLSA 200805-04 ] eGroupWare: Multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200805-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang parameter...
CVE-2008-1511
Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for 1 classes/classadmin.php and 2 classes/classcomments.php. NOTE: the provenance of this information is unknown; the details are...
Le Forum - Fichier_Acceuil Remote File Inclusion
Le Forum - FichierAcceuil Remote File Inclusion source: https://www.securityfocus.com/bid/28423/info Le Forum is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute malicious PHP code in the context ...
Le Forum - 'Fichier_Acceuil' Remote File Inclusion
source: https://www.securityfocus.com/bid/28423/info Le Forum is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow the...
SA-2008-021 - Live - Cross site request forgery
The contributed module Live provides previews of content items while typing them. Live is vulnerable to a cross site request forgery which may lead to execution of PHP code when an authenticated, privileged user visits a malicious site. Versions affected Live for Drupal 5.x before Live 5.x-0.1...
CVE-2008-0300
Mapbender vulnerability CVE-2008-0300 affects Mapbender 2.4 up to 2.4.4, via mapFiler.php. Root cause: lack of input filtering allows PHP code sequences placed in the factor parameter to be written to a file and later executed. Impact: remote code execution on the webserver with the privileges of...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to 1 minimal/wiki.php and 2 simplest/wiki.php...
CVE-2008-0782
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot in the MOINID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter...