CVE-2007-2779

PHP remote file inclusion vulnerability in templatecsv.php in Libstats 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rInfocontent parameter...

CVE-2007-2774

Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to 1 connect.php or 2 modules/startup.php...

CVE-2007-2762

Multiple PHP remote file inclusion vulnerabilities in Build it Fast bif3 0.4.1 allow remote attackers to execute arbitrary PHP code via a URL in 1 the peardir parameter to Base/Application.php, or the 2 sysdir parameter to a Footer.php, b widget.BifContainer.php, c widget.BifRoot.php, d...

CVE-2007-2611

Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to 1 mtdialogo.php, 2 ltdialogo.php, 3 login.php, and 4 logingecon.php in inc/; and multiple unspecified files in frm/, sql/, and cns/...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the configpathMod parameter to index.php in 1 mod/image/, 2 mod/liens/, 3 mod/liste/, 4 mod/special/, or 5 mod/texte/...

CVE-2007-2527

Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to 1 dplogs.php or 2 index.php...

nuked176-exec.txt

Website: http://www.acid-root.new.fr/ PHP conditions: None = Private since 2 months. errorreportingEALL ^ ENOTICE; This file require the PhpSploit class. require"phpsploitclass.php"; If you want to use this class, the latest version can be downloaded from acid-root.new.fr. $xpl = new phpsploit;...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the 1 incpath parameter to a anoskin.php, b astub.php, c admin.php, d contact.php, e default.php, f index.php, and g multiblogs.php in blogs/; the 2 viewpath and 3...

CVE-2007-2288

PHP remote file inclusion vulnerability in info.php in Doruk100.net doruk100net allows remote attackers to execute arbitrary PHP code via a URL in the file parameter...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the 1 engdir parameter to addmember.php, 2 langpath parameter to admin/enginelib/class.phpmailer.php, and the 3 spawroot parameter to...

CVE-2007-2143

PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in my little forum 1.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to 1 admin.php and 2 timedifference.php...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter to comarticles.php in 1 components/ or 2 classes/html/...

CVE-2007-2088

Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 writerFile parameter to index.php and the 2 file parameter to Integrator.php...

CVE-2007-2089

The CVE-2007-2089 entry covers multiple PHP remote file inclusion (RFI) vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo/Joomla!. The underlying issue is unsafe handling of the absolute_path parameter to com_articles.php, in either components/ or classes/html/, al...

ShoutPro 1.5.2 - shout.php Remote Code Injection

ShoutPro 1.5.2 - shout.php Remote Code Injection ?php echo "\n"; echo " Special Greetings To - Timq,Warpboy,The-Maggot \n"; echo "\n\n\n"; //Writes Files - Under 100 bytes to meet requirements $temppayload = "...

Authorization

InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect...

CVE-2007-1998

Direct static code injection vulnerability in HIOX Guest Book HGB 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php...

CVE-2007-2015

PHP remote file inclusion vulnerability in index.php in Request It 1.0b allows remote attackers to execute arbitrary PHP code via a URL in the id parameter...

CVE-2007-1998

Direct static code injection vulnerability in HIOX Guest Book HGB 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php...