Advanced Login <= 0.7 (root) Remote File Inclusion Vulnerability

No description provided by source. ------------------------------------------------------------------------------ Advanced Login = 0.7 root Remote File Inclusion Vulnerability ------------------------------------------------------------------------------ Author : Zeni Susanto a.k.a Bithedz Date...

Advanced Login &lt;= 0.7 &#40;root&#41; Remote File Inclusion Vulnerability

------------------------------------------------------------------------------ Advanced Login = 0.7 root Remote File Inclusion Vulnerability ------------------------------------------------------------------------------ Author : Zeni Susanto a.k.a Bithedz Date Found : Maret, 29th 2007 Location :...

Advanced Login &lt;= 0.7 (root) Remote File Inclusion Vulnerability

No description provided by source. ------------------------------------------------------------------------------ Advanced Login = 0.7 root Remote File Inclusion Vulnerability ------------------------------------------------------------------------------ Author : Zeni Susanto a.k.a Bithedz Date...

Advanced Login <= 0.7 (root) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ================================================================ Advanced Login = 0.7 root Remote File Inclusion Vulnerability ================================================================...

Advanced Login 0.7 - root Remote File Inclusion

Advanced Login 0.7 - root Remote File Inclusion ------------------------------------------------------------------------------ Advanced Login = 0.7 root Remote File Inclusion Vulnerability ------------------------------------------------------------------------------ Author : Zeni Susanto a.k.a...

CVE-2007-1695

PHP remote file inclusion vulnerability in includes/usercpregister.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant...

Unrestricted file upload

Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magicquotesgpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the 1 calendar or 2 file management module, or possibly...

CVE-2007-1639

Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magicquotesgpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the 1 calendar or 2 file management module, or possibly...

CVE-2007-1639

PHProjekt 5.2.0 contains an unrestricted file upload vulnerability (CVE-2007-1639) that allows an authenticated user to upload a PHP payload and execute code via a file with an executable extension, when magic_quotes_gpc is disabled. The issue can be triggered through modules such as calendar or ...

CVE-2007-1639

Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magicquotesgpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the 1 calendar or 2 file management module, or possibly...

Code injection

Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System NPDS 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php...

CVE-2007-1636

CVE-2007-1636 affects RoseOnlineCMS 3 B1 and is described as a directory traversal vulnerability in index.php. The vulnerability allows remote attackers to include arbitrary files by using a .. sequence in the op parameter, with demonstrated impact involving injection of PHP code into Apache log ...

Unrestricted file upload

Multiple unrestricted file upload vulnerabilities in w-Agora Web-Agora allow remote attackers to upload and execute arbitrary PHP code 1 via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or 2 by using browseavatar.php to upload a file with a double...

CVE-2007-1604

Multiple unrestricted file upload vulnerabilities in w-Agora Web-Agora allow remote attackers to upload and execute arbitrary PHP code 1 via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or 2 by using browseavatar.php to upload a file with a double...

CVE-2006-7174

PHP remote file inclusion vulnerability in includes/functions.php in the Dimension module of phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter. NOTE: this may be the same issue as CVE-2006-5235...

CVE-2007-1539

Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. dot dot sequence in the modulename parameter, as demonstrated via a static PHP code injection attack in an Apache log file...

Code injection

Direct static code injection vulnerability in admin/configuration.php in Guestbara 1.2 and earlier allows remote authenticated users to inject arbitrary PHP code into config.php via the 1 adminmail, 2 emotpatch, 3 login, 4 pass, and unspecified other parameters. NOTE: the provenance of this...

CVE-2007-1539

The CVE-2007-1539 entry concerns a Directory traversal vulnerability in the pragmaMX Landkarten 2.1 module, specifically in inc/map.func.php, where an attacker can include arbitrary files through a .. sequence in the module_name parameter. This was demonstrated via a static PHP code injection in ...

CVE-2007-1539

Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. dot dot sequence in the modulename parameter, as demonstrated via a static PHP code injection attack in an Apache log file...

Directory traversal

Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. dot dot in the settingsskin parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via...