1982 matches found
CVE-2006-6232
PHP remote file inclusion vulnerability in admin/index.php in DreamAccount 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...
deV!Lz Clanportal [DZCP] <= 1.3.6 Arbitrary File Upload Vulnerability
Exploit for unknown platform in category web applications. deV!Lz Clanportal DZCP = 1.3.6 Arbitrary File Upload Vulnerability. S Y N O P S I S /...
DZCP (deV!L_z Clanportal) 1.3.6 - Arbitrary File Upload
DZCP deV!Lz Clanportal 1.3.6 - Arbitrary File Upload. Synopsis: access: remote; severity: high. deV!Lz Clanportal allows nearly arbitrary files to be uploaded and stored on the server's filesystem, which enables anyone, even without a user account, to upload PHP code a...
CVE-2006-6151
PHP remote file inclusion vulnerability in centre.php in Messagerie Locale as of 20061127 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-6137
Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the (1) exec parameter to index.php or (2) print parameter to print.php, which is also accessible via the print command to index.php...
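WORK System E-Commerce g_include Parameter Remote File Inclusion Vulnerability
WORK System E-Commerce is a dynamic content and site management system. WORK System E-Commerce has an input validation vulnerability in its handling of user requests; a remote attacker may exploit it to execute arbitrary commands on the server with the privileges of the web process. The index.php and module/forum/forum.php scripts of WORK System E-Commerce do not properly validate input to the g_include parameter, allowing an attacker to execute arbitrary PHP code by including local or external resource files. The relevant vulnerable code is: include $ginclude."file.inc"; Laurent Van den Reysen WORK system...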
CVE-2006-5811
PHP remote file inclusion vulnerability in library/translation.inc.php in OpenEMR 2.8.1, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[srcdir] parameter...
CVE-2006-5786
Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107languagee107cookie cookie to gsitemap.php...
EUVD-2006-5715
PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. NOTE: it is possible that this is a vulnerability in FCKeditor...
CVE-2006-5665
PHP remote file inclusion vulnerability in admin/modulesdata.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...
CVE-2006-5623
PHP remote file inclusion vulnerability in ip.inc.php in Electronic Engineering Tool EE Tool 0.4-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cgipath parameter...
Segue CMS themesettings.inc.php themesdir Parameter Remote File Inclusion
The remote web server is running Segue CMS, an open source content management system tailored for educational institutions. The version of Segue CMS installed on the remote host fails to sanitize input to the 'themesdir' parameter before using it in the 'themes/program/themesettings.inc.php' scri...
PLS-Bannieres 1.21 - 'Bannieres.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/20772/info PLS-Bannieres is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the...
CVE-2006-5548
PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System OTSCMS 2.0.0 through 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSconfigdirectoriesclasses parameter...
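MCGalleryPRO random2.php Remote File Inclusion Vulnerability
mcGalleryPRO is an image collection management program. The random2.php file of mcGalleryPRO does not properly filter input to the pathtofolder parameter, allowing an attacker to execute PHP code by including arbitrary local or external resource files. The vulnerable code in random2.php is as follows: if (!empty($_SERVER)) extract($_SERVER, EXTR_OVERWRITE); if (!empty($_GET)) extract($_GET, EXTR_OVERWRITE); if (!empty($_POST)) extract($_POST, EXTR_OVERWRITE); if (!empty($_COOKIE)) extract($_COOKIE,...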
CVE-2006-5415
PHP remote file inclusion vulnerability in includes/functionsnewshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...
CVE-2006-5421
WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitrary PHP code via a modified pathname in the pathtoconfig parameter that points to an avatar image that contains PHP code, which is then accessed from prestart.php. NOTE: this issue has been labeled remote file inclusion, but tha...
CVE-2006-5380
Contenido CMS suffers from a remote file inclusion (RFI) vulnerability (CVE-2006-5380) via the contenido_path parameter to cms/dbfs.php or cms/front_content.php, enabling arbitrary PHP code execution. Note: CVE disputes this for version 4.6.15, where contenido_path is static. In practice, mitigation g...
CVE-2006-5317
PHP remote file inclusion vulnerability in index.php in eboli allows remote attackers to execute arbitrary PHP code via a URL in the contentSpecial parameter...