PmWiki < 2.1.21 Global Variables Overwriting

The version of PmWiki installed on the remote host contains a programming flaw in 'pmwiki.php' that may allow an unauthenticated remote attacker to overwrite global variables used by the application, which could in turn be exploited to execute arbitrary PHP code on the affected host, subject to t...

SoftBB 0.1 (cmd) Remote Command Execution Exploit

Exploit for unknown platform in category web applications ================================================= SoftBB 0.1 cmd Remote Command Execution Exploit ================================================= !/usr/bin/perl Affected.scr..: SoftBB 0.1 Poc.ID........: 11060904 Type..........: PHP code...

SoftBB 0.1 - &#039;cmd&#039; Remote Command Execution

!/usr/bin/perl Affected.scr..: SoftBB 0.1 Poc.ID........: 11060904 Type..........: PHP code execution, SQL Injection, Full Path Disclosure Risk.level....: High Vendor.Status.: Unpatched Src.download..: softbb.be Poc.link......: acid-root.new.fr/poc/11060904.txt Advisory.link.:...

SoftBB 0.1 (cmd) Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl Affected.scr..: SoftBB 0.1 Poc.ID........: 11060904 Type..........: PHP code execution, SQL Injection, Full Path Disclosure Risk.level....: High Vendor.Status.: Unpatched Src.download..: softbb.be Poc.link......: acid-root.new.fr/poc/11060904.txt...

CVE-2006-4532

PHP remote file inclusion vulnerability in articles/article.php in Yet Another Community System YACS CMS 6.6.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the contextpathtoroot parameter...

PT-2006-5230 · Phlymail · Phlymail Lite

Name of the Vulnerable Software and Affected Versions: PHlyMail Lite versions 3.4.4 and earlier Description: A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the PM pathhandler parameter. This is a different attack vector. Note that this issue has been...

PHProjekt <= 5.1 Multiple Remote File Inclusions

The remote host is running PHProjekt, an open source groupware suite written in PHP. The version of PHProjekt installed on the remote host fails to sanitize user-supplied input to the 'pathpre' parameter of the 'lib/specialdays.php' script as well as the 'libpath' parameter of the...

BigACE 1.8.2 - &#039;upload_form.php&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote PHP code and execute it in the context of the webserver...

CVE-2006-4348

PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite comkochsuite 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

CVE-2006-4282

PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component commambowiki 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter...

CVE-2006-4275

PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo comcatalogshop allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

CVE-2006-4241

PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component comreporter allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

CVE-2006-4215

PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0.2 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the autoLoadConfig9990loadFile parameter...

Zen Cart autoload_func.php autoLoadConfig Array Remote File Inclusion

The version of Zen Cart installed on the remote host fails to sanitize input to the 'autoLoadConfig' array parameter before using it in 'includes/autoloadfunc.php' to include PHP code. Provided PHP's 'registerglobals' setting is enabled, an unauthenticated attacker may be able to exploit these...

CVE-2006-4163

PHP remote file inclusion vulnerability in clsfasttemplate.php in myWebland miniBloggie 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fname parameter. NOTE: another researcher was unable to find a way to execute code after including it via a URL. CVE...

CVE-2006-4076

Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition docpile:we 0.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the INITPATH parameter to 1 lib/access.inc.php, 2 lib/folders.inc.php, 3 lib/init.inc.php or 4 lib/templates.inc.php...

CVE-2006-4036

PHP remote file inclusion vulnerability in includes/usercpregister.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

ModernBill 1.6 - config.php Remote File Inclusion

ModernBill 1.6 - config.php Remote File Inclusion SolpotCrew Community modernbill ver 1.6 DIR Remote File Inclusion Download file : http://freshmeat.net/projects/modernbill/ Bug Found By :Solpot a.k.a k. Hasibuan 03-08-2006 contact: [email protected] Website :...

CVE-2006-3967

PHP remote file inclusion vulnerability in component/option,commoskool/Itemid,34/admin.moskool.php in MamboXChange Moskool 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

CVE-2006-3967

PHP remote file inclusion vulnerability in component/option,commoskool/Itemid,34/admin.moskool.php in MamboXChange Moskool 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...