Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to 1 flatread.php, 2 post.php, 3 processpost.php, 4 processsearch.php, 5 forum.php, 6 processsubscribe.php, 7 read.php, 8...

YapBB 1.2 - class_yapbbcooker.php Remote File Inclusion

YapBB 1.2 - classyapbbcooker.php Remote File Inclusion source: https://www.securityfocus.com/bid/30686/info YapBB is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file...

YapBB 1.2 - 'class_yapbbcooker.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/30686/info YapBB is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context ...

Datafeed Studio - patch.php Remote File Inclusion

Datafeed Studio - patch.php Remote File Inclusion source: https://www.securityfocus.com/bid/30659/info Datafeed Studio is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file...

Datafeed Studio - 'patch.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/30659/info Datafeed Studio is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in th...

CVE-2008-3575

PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSgsLanguage parameter, a different vector than CVE-2006-4477 and CVE-2004-0132...

e107 <= 0.7.11 Arbitrary Variable Overwriting Vulnerability

Exploit for unknown platform in category web applications =========================================================== e107 = 0.7.11 Arbitrary Variable Overwriting Vulnerability =========================================================== GulfTech Security Research August 07, 2008 Vendor : Steve...

e107 download.php extract() Function Variable Overwrite

The version of e107 installed on the remote host contains an unsafe call to 'extract' in the 'download.php' script. An unauthenticated, remote attacker can leverage this issue to overwrite arbitrary PHP variables, leading to arbitrary PHP code execution, SQL injection, as well as other sorts of...

e107 &lt; 0.7.11 - Arbitrary Variable Overwriting

GulfTech Security Research August 07, 2008 Vendor : Steve Dunstan URL : http://www.e107.org/ Version : e107 = 0.7.11 Risk : Arbitrary Variable Overwriting Description: e107 is a popular full featured content management system written in php. Unfortunately e107 suffers from an arbitrary variable...

Pligg settemplate.php template Parameter Local File Inclusion

The remote host is running Pligg, an open source content management system. The installed version of Pligg fails to sanitize the 'template' cookie before using it in 'config.php' to include PHP code. An unauthenticated, remote attacker can exploit this issue to view arbitrary files or even execut...

H0tturk Panel - &#039;gizli.php&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/30468/info H0tturk Panel is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the...

H0tturk Panel - gizli.php Remote File Inclusion

H0tturk Panel - gizli.php Remote File Inclusion source: https://www.securityfocus.com/bid/30468/info H0tturk Panel is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file...

Remote file inclusion

PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter...

Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection

Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection GulfTech Security Research July 30, 2008 Vendor : Pligg LLC URL : http://www.pligg.com/ Version : Pligg alertdocument.cookie; The above example link would display the end users cookie to them. Of course this can also be use...

Pligg CMS 9.9.0 - Remote Code Execution

Pligg CMS 9.9.0 - Remote Code Execution !/usr/bin/perl -w use LWP::UserAgent; use MIME::Base64; use Digest::MD5 qwmd5hex; use Getopt::Std; getopts'h:', %args; print "\n"; print " Pligg new; $http-agent'Mozilla/5.0 Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1 Gecko/2008070208 Firefox/3.0.1';...

Remote file inclusion

PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter...

CVE-2008-3298

SocialEngine SE before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code...

Code injection

SocialEngine SE before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code...

CVE-2008-3298

SocialEngine SE before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code...

EZContents - minicalendar.php Remote File Inclusion

EZContents - minicalendar.php Remote File Inclusion source: https://www.securityfocus.com/bid/30373/info ezContents CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in...