CVE-2006-3375

PHP remote file inclusion vulnerability in includes/header.inc.php in Randshop 1.1.1 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter...

CVE-2006-3387

CVE-2006-3387 describes a directory traversal vulnerability in Fusion News 1.0. When register_globals is enabled, an attacker can manipulate the fil_config parameter in sources/post.php using a .. sequence to include arbitrary files. This can allow an attacker to execute PHP code that has been in...

CVE-2006-3363

PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the pa parameter...

CVE-2006-3387

Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when registerglobals is enabled, allows remote attackers to include arbitrary files via a .. dot dot sequence in the filconfig parameter, which can be used to execute PHP code that has been injected into a log file...

CVE-2006-3361

PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via the 1 PHPLIBlibdir parameter in studip-phplib/oohforms.inc and 2 ABSOLUTEPATHSTUDIP parameter in studip-htdocs/archivassi.php...

CVE-2006-3362

Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in 1 Geeklog 1.4.0 through 1.4.0sr3, 2 toendaCMS 1.0.0 Shizouka Stable and earlier, 3 WeBid 0.5.4, and possibly other products, when installed on Apache with modmime, allows remote...

CVE-2006-3374

PHP remote file inclusion vulnerability in index.php in Randshop 1.2 and earlier, including 0.9.3, allows remote attackers to execute arbitrary PHP code via a URL in the incl parameter...

CVE-2006-3381

SturGeoN Upload allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product...

[UNIX] Stud.IP File Inclusion

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Blog:CMS 4.1 - Thumb.php Remote File Inclusion

Blog:CMS 4.1 - Thumb.php Remote File Inclusion source: https://www.securityfocus.com/bid/18837/info Blog:CMS is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include a...

Randshop 0.9.31.2 - index.php Remote File Inclusion

Randshop 0.9.31.2 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/18809/info Randshop is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...

Randshop 0.9.3/1.2 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/18809/info Randshop is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PH...

free QBoard 1.1 - index.php?qb_path Remote File Inclusion

free QBoard 1.1 - index.php?qbpath Remote File Inclusion source: https://www.securityfocus.com/bid/18788/info The free QBoard script is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include...

Glossaire 1.7 - Remote File Inclusion

Glossaire 1.7 - Remote File Inclusion source: https://www.securityfocus.com/bid/18792/info Glossaire is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary...

Glossaire 1.7 - Remote File Inclusion

source: https://www.securityfocus.com/bid/18792/info Glossaire is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP...

StudIP1302.txt

/------------------------------------------------ IHS Public advisory -------------------------------------------------/ Stud.IP Remote File Inclusion Stud.IP is a learning and an information management system for universities, educational facilities and enterprises. http://www.studip.de...

Stud.IP <= 1.3.0-2 Multiple Remote File Include Vulnerabilities

No description provided by source. /------------------------------------------------ IHS Public advisory -------------------------------------------------/ Stud.IP Remote File Inclusion Stud.IP is a learning and an information management system for universities, educational facilities and...

Stud.IP 1.3.0-2 - Multiple Remote File Inclusions

Stud.IP 1.3.0-2 - Multiple Remote File Inclusions /------------------------------------------------ IHS Public advisory -------------------------------------------------/ Stud.IP Remote File Inclusion Stud.IP is a learning and an information management system for universities, educational...

CVE-2006-3315

PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the osCsid parameter...

FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload

The version of Geeklog installed on the remote host includes an older version of FCKeditor that is enabled by default and allows an unauthenticated attacker to upload arbitrary files containing, say, PHP code, and then to execute them subject to the privileges of the web server user id...