CVE-2006-3949

PHP remote file inclusion vulnerability in artlinks.dispnew.php in the Artlinks component comartlinks for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

CVE-2006-3911

PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the csspath parameter in 1 help.php and 2 setup/header.php...

CVE-2006-3773

PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component comsmf For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

CVE-2006-3683

PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...

MiniBB 1.5 - news.php Remote File Inclusion

MiniBB 1.5 - news.php Remote File Inclusion source: https://www.securityfocus.com/bid/19095/info MiniBB is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing...

PT-2006-4558 · Enduser · Listmessenger

Name of the Vulnerable Software and Affected Versions: ListMessenger version 0.9.3 Description: A remote file inclusion issue in enduser/listmessenger.php allows remote attackers to execute arbitrary PHP code via a URL in the lm path parameter. However, the vendor has disputed this issue, stating...

CVE-2006-3421

PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in 1 comment.php, 2 admin/comedit.php, 3 admin/test.php, 4 admin/index.php, and 5 admin/include/incadminfoot.php, ...

CVE-2006-3375

PHP remote file inclusion vulnerability in includes/header.inc.php in Randshop 1.1.1 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter...

CVE-2006-3363

PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the pa parameter...

CVE-2006-3374

PHP remote file inclusion vulnerability in index.php in Randshop 1.2 and earlier, including 0.9.3, allows remote attackers to execute arbitrary PHP code via a URL in the incl parameter...

FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload

The version of Geeklog installed on the remote host includes an older version of FCKeditor that is enabled by default and allows an unauthenticated attacker to upload arbitrary files containing, say, PHP code, and then to execute them subject to the privileges of the web server user id...

[ECHO_ADV_34$2006] W-Agora (Web-Agora) <= 4.2.0 (inc_dir) Remote File Inclusion

ECHO.OR.ID ECHOADV34$2006 --------------------------------------------------------------------------------------------------- ECHOADV34$2006 W-Agora Web-Agora = 4.2.0 incdir Remote File Inclusion ---------------------------------------------------------------------------------------------------...

CVE-2006-3172

Multiple PHP remote file inclusion vulnerabilities in ContentBuilder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL with a trailing slash / character in the 1 langpath parameter to a cms/plugins/colman/column.inc.php, b cms/plugins/poll/poll.inc.php, c...

Code injection

CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files...

CVE-2006-3019

Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMSINCLUDEPATH parameter to files in parser/include/ including 1 class.parserphpcms.php, 2 class.sessionphpcms.php, 3 class.editphpcms.php, 4...

CVE-2006-3028

PHP remote file inclusion vulnerability in statmodules/usersage/module.php in Minerva 2.0.8a Build 237 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

Adaptive Website Framework 1.11 - Remote File Inclusion

Adaptive Website Framework 1.11 - Remote File Inclusion source: https://www.securityfocus.com/bid/18386/info Adaptive Website Framework is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can...

CVE-2006-2928

Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 and earlier, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter in 1 dialogs/img.php and 2 dialogs/td.php...

CVE-2006-2888

PHP remote file inclusion vulnerability in wk/wklang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WKwkPath parameter...

Immunity Canvas: DOKUWIKI_EXEC

Name| dokuwikiexec ---|--- CVE| CVE-2006-2878 Exploit Pack| CANVAS Description| DokuWiki Spell Checker Embedded Link Arbitrary PHP Code Execution Notes| CVE Name: CVE-2006-2878 VENDOR: DokuWiki Repeatability: Infinite References: 'http://www.hardened-php.net/advisory042006.119.html' CVSS: 7.5 DOR...