CVE-2008-0635

Unspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors...

CVE-2008-0566

PHP remote file inclusion vulnerability in includes/smarty.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fullpathtopublicprogram parameter...

CVE-2008-0572

Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 allow remote attackers to execute arbitrary PHP code via a URL in the MMGLOBALShome parameter to 1 acweb/adminindex.php; and 2 ask.inc.php, 3 learn.inc.php, 4 manage.inc.php, 5 mind.inc.php, and 6 sensory.inc.php in include/...

[OPEN[DSECRG-08-010] VHD Web Pack 2.0 Local File Include

Digital Security Research Group DSecRG Advisory DSECRG-08-010 Application: VHD Web Pack 2.0 Versions Affected: VHD Web Pack 2.0 Vendor URL: http://www.divideconcept.net/index.php?page=vhdwebpack/index.php Bugs: Local File Include Exploits: YES Reported: 28.01.2008 Vendor response: NONE Date of...

VHD Web Pack 2.0 (index.php page) Local File Inclusion Vulnerability

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-010 Application: VHD Web Pack 2.0 Versions Affected: VHD Web Pack 2.0 Vendor URL: http://www.divideconcept.net/index.php?page=vhdwebpack/index.php Bugs: Local File Include Exploits: YES Reported: 28.01.20...

XOOPS 2.0.18 Local File Inclusion / URL Redirecting Vulnerabilities

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-009 Application: XOOPS Versions Affected: XOOPS 2.0.18 Vendor URL: http://www.xoops.org/ Bugs: Local File Include,URL Redirecting phishing Exploits: YES Reported: 28.01.2008 Vendor response: 28.01.2008 Da...

VHD Web Pack 2.0 (index.php page) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ==================================================================== VHD Web Pack 2.0 index.php page Local File Inclusion Vulnerability ==================================================================== Digital Security Research Group...

Design/Logic Flaw

Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter...

CVE-2008-0503

Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter...

CVE-2008-0503

CVE-2008-0503 affects Netwerk Smart Publisher 1.0.1. An eval() failure in admin/op/disp.php allows remote attackers to execute arbitrary PHP code via the filedata parameter, enabling unauthenticated, network-vector exploitation. CVSS 2.0 base score 6.8 ("NETWORK" attack vector, "MEDIUM" complexit...

SQLiteManager confirm.php spaw_root Parameter Remote File Inclusion

The remote host is running SQLiteManager, a web-based application for managing SQLite databases. The version of SQLiteManager installed on the remote host fails to sanitize user-supplied input to the 'spawroot' parameter of the 'spaw/dialogs/confirm.php' script before using it to include PHP code...

Code injection

stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php...

CVE-2008-0390

stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php...

Small Axe Weblog 0.3.1 - 'ffile' Remote File Inclusion

source: https://www.securityfocus.com/bid/27383/info Small Axe Weblog is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in t...

Small Axe Weblog 0.3.1 - ffile Remote File Inclusion

Small Axe Weblog 0.3.1 - ffile Remote File Inclusion source: https://www.securityfocus.com/bid/27383/info Small Axe Weblog is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote...

MyBB forumdisplay.php 'sortby' Parameter Arbitrary PHP Code Execution

The version of MyBB installed on the remote host is affected by an arbitrary PHP code execution vulnerability due to improper sanitization of user-supplied input to the 'sortby' parameter of the forumdisplay.php script before using it in an eval statement to evaluate PHP code. A remote,...

Debian: Security Advisory (DSA-840-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1096-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MyBB < 1.2.11 forumdisplay.php sortby Parameter Command Execution

Binary data 4346.prm...

Debian: Security Advisory (DSA-764-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...