CVE-2007-4279

PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the pathtoroot parameter...

Mapos-Scripts.de Gastebuch 1.5 - index.php Remote File Inclusion

Mapos-Scripts.de Gastebuch 1.5 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/25252/info Mapos-Scripts.de Gastebuch is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this iss...

CVE-2007-4187

CVE-2007-4187 affects Joomla! 1.5 beta before RC1 (Mapya). The vulnerability stems from multiple eval-injection flaws in the com_search component, specifically related to the searchword parameter being passed to eval() via default_results.php (1) components/com_search/views/search/tmpl/ and (2) t...

CVE-2007-4120

Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the 1 classfile parameter to includes/functions.php, the 2 nextitem parameter to includes/functionscron.php, and the 3 specialtemplates parameter to...

CVE-2007-4026

epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information...

CVE-2007-4009

PHP remote file inclusion vulnerability in admin/businessinc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter...

CVE-2007-3980

PHP remote file inclusion vulnerability in page.php in RCMS Pro RGameScript Pro allows remote attackers to execute arbitrary PHP code via a URL in the id parameter...

CVE-2007-3932

CVE-2007-3932 affects the Joomla! Expose component (RC35 and earlier, com_expose) via uploadimg.php. The code fails to exit after detecting non‑JPEG uploads, enabling an unauthenticated attacker to upload and execute arbitrary PHP in the img/ folder (remote code execution). This is supported by t...

CVE-2007-3932

uploadimg.php in the Expose RC35 and earlier comexpose component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder...

mycms098-exec.txt

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n";...

CVE-2007-3543

Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the wpattachedfile metadata field; and then sending this file's content, alo...

CVE-2007-3544

Unrestricted file upload vulnerability in 1 wp-app.php and 2 app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wppostmeta table and the use of custom fields in normal...

CVE-2007-3240

Cross-site scripting XSS vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI REQUESTURI that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session...

Cross site scripting

Cross-site scripting XSS vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI REQUESTURI that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session...

CVE-2007-3239

Cross-site scripting XSS vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHPSELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative sessio...

CVE-2007-3240

The CVE-2007-3240 entry concerns the WordPress Vistered-Little theme vulnerable in 404.php: XSS via the REQUEST_URI that accesses index.php, potentially allowing remote injection of script/HTML and, per notes, execution in an administrative session. The issue is actionable in the theme code and i...

CVE-2007-3240

Cross-site scripting XSS vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI REQUESTURI that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session...

CVE-2007-3228

PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and earlier might allow remote attackers to execute arbitrary PHP code via a URL in the FORUMLIB parameter. NOTE: by default, access to the PhpDocumentor directory tree...

Joomla! Component JD-Wiki 1.0.2 - 'wantedpages.php?MosConfig_absolute_path' Remote File Inclusion

source: https://www.securityfocus.com/bid/24342/info JD-Wiki is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in t...

Remote file inclusion

PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter...