CVE-2007-1998

Direct static code injection vulnerability in HIOX Guest Book HGB 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php...

CVE-2007-1992

Multiple PHP remote file inclusion vulnerabilities in the comzoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter to 1 EXIFMakernote.php or 2 EXIF.php in classes/iptc/...

Remote file inclusion

PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, probably 1.1.2 and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the processmethod parameter...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in the comzoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter to 1 EXIFMakernote.php or 2 EXIF.php in classes/iptc/...

CVE-2007-1982

Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax RSPA 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 IncludeFilePHPClass, 2 ClassPath, and 3 class parameters to a rspa/framework/Controllerv5.php, and b...

CVE-2007-1844

Multiple PHP remote file inclusion vulnerabilities in Aardvark Topsites PHP 5 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to 1 button/settingssql.php, 2 settingssql.php, and 3 sources/misc/newday.php...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfilename parameter to 1 index.php or 2 backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has bee...

Information disclosure

JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2006-7185

PHP remote file inclusion vulnerability in includes/userstandard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relativeroot parameter...

CVE-2006-7182

PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter...

Unrestricted file upload

Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magicquotesgpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the 1 calendar or 2 file management module, or possibly...

W-Agora 4.2.1 - Multiple Arbitrary File Upload Vulnerabilities

source: https://www.securityfocus.com/bid/23055/info w-Agora is prone to multiple arbitrary file-upload vulnerabilities. An attacker can exploit these vulnerabilities to upload PHP script code and execute it in the context of the webserver process. w-Agora 4.2.1 is vulnerable. ?php / Title...

CVE-2007-1472

Variable overwrite vulnerability in groupit/base/groupit.start.inc in Groupit 2.00b5 allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via arguments that are written to $GLOBALS, as demonstrated using a URL in the cbasepath parameter to 1 content.php,...

CVE-2006-7156

PHP remote file inclusion vulnerability in addonkeywords.php in Keyword Replacer keywordreplacer 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter...

CVE-2006-7120

PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper...

CVE-2007-1255

Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later...

Unrestricted file upload

Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later...

Remote file inclusion

PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter...

CVE-2007-1153

Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: issue might overlap...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow remote attackers to execute arbitrary PHP code via a URL in 1 the body parameter to templates/ZPanelV2/template.php or 2 the page parameter to zpanel.php. NOTE: the zpanel.php vector may overlap CVE-2005-0793.2. NOTE: the...