7195 matches found
GLSA-200606-16 : DokuWiki: PHP code injection
The remote host is affected by the vulnerability described in GLSA-200606-16 DokuWiki: PHP code injection Stefan Esser discovered that the DokuWiki spell checker fails to properly sanitize PHP's 'complex curly syntax'. Impact : A unauthenticated remote attacker may execute arbitrary PHP commands ...
CVE-2006-3019
Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMSINCLUDEPATH parameter to files in parser/include/ including 1 class.parserphpcms.php, 2 class.sessionphpcms.php, 3 class.editphpcms.php, 4...
CVE-2006-3019
Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMSINCLUDEPATH parameter to files in parser/include/ including 1 class.parserphpcms.php, 2 class.sessionphpcms.php, 3 class.editphpcms.php, 4...
CVE-2006-3028
PHP remote file inclusion vulnerability in statmodules/usersage/module.php in Minerva 2.0.8a Build 237 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...
ISPConfig 2.2.3 - Multiple Remote File Inclusions
ISPConfig 2.2.3 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/18441/info ISPConfig is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these...
RahnemaCo - page.php Remote File Inclusion
RahnemaCo - page.php Remote File Inclusion source: https://www.securityfocus.com/bid/18435/info RahnemaCo is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the...
RahnemaCo - 'page.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/18435/info RahnemaCo is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker ...
phpBB - BBRSS.php Remote File Inclusion
phpBB - BBRSS.php Remote File Inclusion source: https://www.securityfocus.com/bid/18432/info The bbrss plugin for PhpBB is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the conte...
DokuWiki: PHP code injection
Background DokuWiki is a simple to use wiki targeted at developer teams, workgroups and small companies. Description Stefan Esser discovered that the DokuWiki spell checker fails to properly sanitize PHP's "complex curly syntax". Impact A unauthenticated remote attacker may execute arbitrary PHP...
CVE-2006-2908
The domecode function in inc/functionspost.php in MyBulletinBoard MyBB 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a pregreplace function call with a /e executable modifier...
CVE-2006-2908
The domecode function in inc/functionspost.php in MyBulletinBoard MyBB 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a pregreplace function call with a /e executable modifier...
DoubleSpeak 0.1 - Multiple Remote File Inclusions
DoubleSpeak 0.1 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/18401/info DoubleSpeak is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these...
Simpnews 2.x - Wap_short_news.php Remote File Inclusion
Simpnews 2.x - Wapshortnews.php Remote File Inclusion source: https://www.securityfocus.com/bid/18410/info Simpnews is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...
Simpnews 2.x - 'Wap_short_news.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/18410/info Simpnews is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PH...
DoubleSpeak 0.1 - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/18401/info DoubleSpeak is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containi...
Foing 0.x - Remote File Inclusion
Foing 0.x - Remote File Inclusion source: https://www.securityfocus.com/bid/18392/info Foing is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remo...
Adaptive Website Framework 1.11 - Remote File Inclusion
source: https://www.securityfocus.com/bid/18386/info Adaptive Website Framework is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files...
Foing 0.x - Remote File Inclusion
source: https://www.securityfocus.com/bid/18392/info Foing is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP...
Adaptive Website Framework 1.11 - Remote File Inclusion
Adaptive Website Framework 1.11 - Remote File Inclusion source: https://www.securityfocus.com/bid/18386/info Adaptive Website Framework is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can...
RCblog 1.03 - 'POST' Remote Command Execution
!/usr/bin/perl $App : RCblog "; $socket = IO::Socket::INET-newProto="tcp", PeerAddr="$server", PeerPort="http80" || die "- Cannot not connect to host !\n"; print $socket "GET ".$path.$pcode." HTTP/1.1\r\n"; print $socket "User-Agent: ".$pcode."\r\n"; print $socket "Host: ".$server."\r\n"; print...