Unrestricted file upload

Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg...

CVE-2007-3432

Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename...

CVE-2007-3429

Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg...

Unrestricted file upload

Unrestricted file upload vulnerability in upload.php in dreamLog aka dreamblog 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile parameter...

CVE-2007-3403

Unrestricted file upload vulnerability in upload.php in dreamLog aka dreamblog 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile parameter...

CVE-2007-3403

Unrestricted file upload vulnerability in upload.php in dreamLog aka dreamblog 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile parameter...

Powl 0.94 (htmledit.php) Remote File Inclusion Vulnerability

No description provided by source. !/usr/bin/perl POWL - 0.94 - Remote File Inclusion Exploit Url: http://switch.dl.sourceforge.net/sourceforge/powl/powlontowiki-0.94.zip Exploit: http://site.com/path/plugins/widgets/htmledit/htmledit.php?POWLinstallPath=EvilScript: coded and f0und3d by kw3rln...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/template.php in MyEvent 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the myeventpath parameter. NOTE: a reliable third party disputes this issue, saying "the entire file is a class...

Joomla! / Mambo Component Mod_Forum - 'PHPBB_Root.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/24591/info The 'modforum' component for Joomla and Mambo is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containin...

CVE-2007-3325

PHP remote file inclusion vulnerability in lib/language.php in LAN Management System LMS 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205...

CVE-2007-3309

Unspecified vulnerability in Simple Machines Forum SMF 1.1.2 allows remote attackers to execute arbitrary PHP code during 1 creation or 2 editing of a message...

Code injection

Unspecified vulnerability in Simple Machines Forum SMF 1.1.2 allows remote attackers to execute arbitrary PHP code during 1 creation or 2 editing of a message...

CVE-2007-3309

The CVE-2007-3309 entry concerns Simple Machines Forum (SMF) 1.1.2, where a vulnerability enables remote attackers to execute arbitrary PHP code during (1) message creation or (2) message editing. The available sources identify the affected software/version and the code-execution risk but do not ...

CVE-2007-3309

Unspecified vulnerability in Simple Machines Forum SMF 1.1.2 allows remote attackers to execute arbitrary PHP code during 1 creation or 2 editing of a message...

CVE-2007-3292

Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article...

Unrestricted file upload

Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article...

Remote file inclusion

PHP remote file inclusion vulnerability in templates/2blue/bodyTemplate.php in YourFreeScreamer 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter...

PHProjekt: Multiple vulnerabilities

Background PHProjekt is a project management and coordination tool written in PHP. Description Alexios Fakos from n.runs AG has discovered multiple vulnerabilities in PHProjekt, including the execution of arbitrary SQL commands using unknown vectors CVE-2007-1575, the execution of arbitrary PHP...

CVE-2007-3240

Cross-site scripting XSS vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI REQUESTURI that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session...

CVE-2007-3236

PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfigrootpath parameter...