Sql injection

Multiple eval injection vulnerabilities in itpmestimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the projid parameter...

CVE-2008-5071

The CVE-2008-5071 issue affects Yoxel software (version 1.23beta and earlier) where itpm_estimate.php is vulnerable to multiple eval injection flaws. The underlying cause is eval-based code execution triggered by the proj_id parameter, allowing remote authenticated users to run arbitrary PHP code...

CVE-2008-5071

Multiple eval injection vulnerabilities in itpmestimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the projid parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in upload/admin/frontpageright.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter...

CVE-2008-5053

PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader comrssreader 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfiglivesite parameter...

CVE-2008-5060

Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to 1 exportbatch.inc.php, 2 runautosuspend.cron.php, and 3 sendemailcache.php in include/scripts/; 4...

Remote file inclusion

PHP remote file inclusion vulnerability in Admin/ADMPagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter...

CVE-2008-5053

PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader comrssreader 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfiglivesite parameter...

X10media Mp3 Search Engine <= 1.6 Remote File Disclosure Vulnerability

No description provided by source. THUNDER X10media Mp3 Search Engine v1.5.5 - 1.6 Remote File Disclosure Vulnerability Founded by : THUNDER t4hathotmail.fr Dork: "This search engine is in no way intended for illegal downloads. " File : Download.php...

X10media Mp3 Search Engine 1.6 - Remote File Disclosure

THUNDER X10media Mp3 Search Engine v1.5.5 - 1.6 Remote File Disclosure Vulnerability Founded by : THUNDER Dork: "This search engine is in no way intended for illegal downloads. " File : Download.php =========================================================================================== to rea...

CuteNews aj-fork - path Remote File Inclusion

CuteNews aj-fork - path Remote File Inclusion source: https://www.securityfocus.com/bid/32141/info CuteNews aj-fork is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file...

CuteNews aj-fork - 'path' Remote File Inclusion

source: https://www.securityfocus.com/bid/32141/info CuteNews aj-fork is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in t...

WordPress cat Parameter Directory Traversal Vulnerability

WordPress is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress";...

CVE-2008-4928

Cross-site scripting XSS vulnerability in the redirect function in functions.php in MyBB aka MyBulletinBoard 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a...

CVE-2008-4811

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ backslash before a dollar-sign character...

Code injection

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ backslash before a dollar-sign character...

Code injection

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and 1 a dollar-sign character, aka "php executed in templates;" and 2 a double quoted literal string, aka a "function...

CVE-2008-4811

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ backslash before a dollar-sign character...

CVE-2008-4811

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ backslash before a dollar-sign character...

CVE-2008-4810

The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and 1 a dollar-sign character, aka "php executed in templates;" and 2 a double quoted literal string, aka a "function...