CVE-2008-0782

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot in the MOINID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter...

CVE-2008-0782

CVE-2008-0782 describes a directory traversal in MoinMoin up to version 1.5.8 and earlier. An attacker could overwrite arbitrary files by sending a dot-dot in the MOIN_ID cookie during a userform action; the issue could also enable PHP code execution via the quicklinks parameter. The vulnerabilit...

CVE-2008-0782

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot in the MOINID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter...

CVE-2008-0782

Removed by vendor...

CVE-2008-0566

PHP remote file inclusion vulnerability in includes/smarty.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fullpathtopublicprogram parameter...

Design/Logic Flaw

Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter...

CVE-2008-0222

Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors...

CVE-2007-6550

PMOS Help Desk 2.4 and earlier is affected by CVE-2007-6550. form.php redirects without exiting, enabling remote attackers to perform eval injection and execute arbitrary PHP code via the options array parameter. Affected component: PMOS Help Desk’s PHP form handling. Root cause: missing exit aft...

CVE-2007-6464

Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the grootdir parameter to 1 adminpageopen.php and 2 clientpageopen.php in global/templates/...

Remote file inclusion

PHP remote file inclusion vulnerability in blocks/blocksitemap.php in ViArt 1 CMS 3.3.2, 2 HelpDesk 3.3.2, 3 Shop Evaluation 3.3.2, and 4 Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the rootfolderpath parameter. NOTE: some of these details are obtained from...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the 1 level parameter to a installmodule.php and b uninstallmodule.php in upload/xax/admin/modules/, c upload/xax/admin/patch/index.php, and d...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccmslibrarypath parameter to 1 markdown.php and 2 gallery.php in decoder/...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfmbasepath parameter...

CVE-2007-6139

PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skinfile parameter...

CVE-2007-6133

PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfmbasepath parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/common.php in scWiki 1.0 Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter...

scribe-exec.txt

--------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg --------------------------------------------------------------- Scribe...

CVE-2007-5781

PHP remote file inclusion vulnerability in inc/sigeinit.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYSPATH parameter...

CVE-2007-5733

Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting, when Open directory mode is enabled, allows remote attackers to upload and execute arbitrary PHP code via a ServerPath parameter specifying a filename with a double extension. NOTE: some of these details...