7206 matches found
EZContents - 'minicalendar.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/30373/info ezContents CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allo...
Flip 3.0 - 'config.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/30312/info Flip is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow the...
Flip 3.0 - config.php Remote File Inclusion
source: https://www.securityfocus.com/bid/30312/info Flip is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of th...
CVE-2008-3207
PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter...
fuzzylime (cms) commsrss.php files[] Parameter Traversal Local File Inclusion
The remote host is running fuzzylime cms, a PHP-based content management system. The version of fuzzylime cms installed on the remote host fails to sanitize user-supplied input to the 'files' parameter of the 'commsrss.php' script before using it to include PHP code. Regardless of PHP's...
Community CMS 0.1 - 'include.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/30275/info Community CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow...
Community CMS 0.1 - include.php Remote File Inclusion
source: https://www.securityfocus.com/bid/30275/info Community CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code i...
OpenPro 1.3.1 - search_wA.php Remote File Inclusion
source: https://www.securityfocus.com/bid/30264/info OpenPro is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the...
OpenPro 1.3.1 - 'search_wA.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/30264/info OpenPro is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow the...
CVE-2008-3184
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE:...
CVE-2008-3183
PHP remote file inclusion vulnerability in ktmlpro/includes/ktedit/toolbar.php in gapicms 9.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dirDepth parameter...
yuhhupubs-sql.txt
inurl: browse.groups.php Dork 2 -- inurl:browse.events.php Dork 3 -- browse.music.php Dork 4 -- browse.groups.php / settimelimit0; errorreporting0; echo " Yuhhu Pubs Exploit Coded By RMx USERS EXPLOIT : Örnek :http://www.example.com "; if isset$POST'site' $site=$POST'site';...
Unrestricted file upload
Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier allows remote authenticated users to upload and execute arbitrary PHP code by placing a .php filename in the UploadAvatar parameter and sending the image/gif content type...
CVE-2008-3093
Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier allows remote authenticated users to upload and execute arbitrary PHP code by placing a .php filename in the UploadAvatar parameter and sending the image/gif content type...
Site@School 2.4.10 - FCKeditor Session Hijacking Arbitrary File Upload
?php / ------------------------------------------------------------------------- Site@School = 2.4.10 fckeditor Session Hijacking / File Upload Exploit -------------------------------------------------------------------------...
Site@School 2.4.10 - 'FCKeditor' Session Hijacking / Arbitrary File Upload
?php / ------------------------------------------------------------------------- Site@School = 2.4.10 fckeditor Session Hijacking / File Upload Exploit ------------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 allow remote attackers to execute arbitrary PHP code via a URL in the includeconnection parameter to (1) edittopfeature.php and (2) edittopicsfeature.php in phpi/...
CVE-2008-2981
PHP remote file inclusion vulnerability in admin/templates/templatethumbnail.php in HomePH Design 2.10 RC2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the thumbtemplate parameter...