Echo Security Advisory 2007.74

\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV74$2007 ------------------------------------------------------------------------------------- ECHOADV74$2007 WebCreator ---------------------------------------------------------- Input passed to the "$moddir"...

Remote file inclusion

PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bitesser MySQL Commander 2.7 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the home parameter...

Activist Mobilization Platform (AMP) 3.2 - Remote File Inclusion

Activist Mobilization Platform AMP 3.2 - Remote File Inclusion \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV71$2007 --------------------------------------------------------------------------- ECHOADV71$2007 AMP v3.2 basepath Remote File Inclusion...

WebCreator 0.2.6-rc3 - 'moddir' Remote File Inclusion

\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV74$2007 ------------------------------------------------------------------------------------- ECHOADV74$2007 WebCreator ---------------------------------------------------------- Input passed to the "$moddir"...

Activist Mobilization Platform (AMP) 3.2 - Remote File Inclusion

\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV71$2007 --------------------------------------------------------------------------- ECHOADV71$2007 AMP v3.2 basepath Remote File Inclusion Vulnerability...

CARE2X 1.1 - 'ROOT_PATH' Remote File Inclusion

\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV72$2007 ------------------------------------------------------------------------- ECHOADV72$2007 CARE2X rootpath Remote File Inclusion Vulnerability --------------------------...

WebCreator 0.2.6-rc3 - moddir Remote File Inclusion

WebCreator 0.2.6-rc3 - moddir Remote File Inclusion \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV74$2007 ------------------------------------------------------------------------------------- ECHOADV74$2007 WebCreator...

CARE2X 1.1 - ROOT_PATH Remote File Inclusion

CARE2X 1.1 - ROOTPATH Remote File Inclusion \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV72$2007 ------------------------------------------------------------------------- ECHOADV72$2007 CARE2X rootpath Remote File Inclusion Vulnerability...

Code injection

Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information...

CVE-2007-1394

Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information...

CVE-2007-1394

The CVE-2007-1394 entry concerns Flat Chat 2.0. It describes a direct static code injection vulnerability in startsession.php, where the Chat Name field is inserted into online.txt and subsequently included by users.php. The root cause is unsafely incorporating user-provided input into executable...

Premod SubDog 2 - '/includes/themen_portal_mitte.php?phpbb_root_path' Remote File Inclusion

source: https://www.securityfocus.com/bid/22912/info Premod SubDog 2 is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may...

Premod SubDog 2 - '/includes/functions_kb.php?phpbb_root_path' Remote File Inclusion

source: https://www.securityfocus.com/bid/22912/info Premod SubDog 2 is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may...

Premod SubDog 2 - includesthemen_portal_mitte.php?phpbb_root_path Remote File Inclusion

Premod SubDog 2 - includesthemenportalmitte.php?phpbbrootpath Remote File Inclusion source: https://www.securityfocus.com/bid/22912/info Premod SubDog 2 is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing...

Premod SubDog 2 - includeslogger_engine.php?phpbb_root_path Remote File Inclusion

Premod SubDog 2 - includesloggerengine.php?phpbbrootpath Remote File Inclusion source: https://www.securityfocus.com/bid/22912/info Premod SubDog 2 is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicio...

SoftNews 4.1/5.5 - '/engine/init.php?root_dir' Remote File Inclusion

source: https://www.securityfocus.com/bid/22913/info DataLife Engine is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may...

Premod SubDog 2 - '/includes/logger_engine.php?phpbb_root_path' Remote File Inclusion

source: https://www.securityfocus.com/bid/22912/info Premod SubDog 2 is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may...

Premod SubDog 2 - includesfunctions_kb.php?phpbb_root_path Remote File Inclusion

Premod SubDog 2 - includesfunctionskb.php?phpbbrootpath Remote File Inclusion source: https://www.securityfocus.com/bid/22912/info Premod SubDog 2 is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing maliciou...

CVE-2006-7156

PHP remote file inclusion vulnerability in addonkeywords.php in Keyword Replacer keywordreplacer 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter...

CVE-2006-7148

PHP remote file inclusion vulnerability in includes/bbusagestats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbbrootpath parameter. NOTE: this might be the same issues as CVE-2006-4893...