CVE-2006-2137

PHP remote file inclusion vulnerability in master.php in OpenPHPNuke and 2.3.3 earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the classesdir parameter...

X7 Chat 2.0 - help_file Remote Command Execution

X7 Chat 2.0 - helpfile Remote Command Execution !/usr/bin/php -q -d shortopentag=on works regardless of magicquotesgpc settings\r\n"; echo " if avatar uploads are enabled default\r\n"; echo "dork: intitle:"X7 Chat Help Center" | "Powered By X7 Chat"\r\n\r\n"; if $argc4 echo "Usage: php...

CVE-2006-2129

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...

Code injection

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...

CVE-2006-2129

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...

DMCounter 0.9.2 -b - 'Kopf.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17756/info DMCounter is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...

DMCounter 0.9.2 -b - Kopf.php Remote File Inclusion

DMCounter 0.9.2 -b - Kopf.php Remote File Inclusion source: https://www.securityfocus.com/bid/17756/info DMCounter is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...

Remote file inclusion

PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via 1 README.html or 2 HEADER.html...

CVE-2006-2098

PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via 1 README.html or 2 HEADER.html...

Artmedic Event - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17736/info Artmedic Event is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...

CoolMenus 4.0 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17738/info CoolMenus is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...

I-RATER Platinum - 'Config_settings.TPL.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17731/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...

I-RATER Platinum - Config_settings.TPL.php Remote File Inclusion

I-RATER Platinum - Configsettings.TPL.php Remote File Inclusion source: https://www.securityfocus.com/bid/17731/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploi...

CoolMenus 4.0 - index.php Remote File Inclusion

CoolMenus 4.0 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/17738/info CoolMenus is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include...

Code injection

actionpublic/search.php in Invision Power Board IPB 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "e" execute modifier...

CVE-2006-2059

actionpublic/search.php in Invision Power Board IPB 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "e" execute modifier...

Sql injection

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by som...

CVE-2006-2005

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by som...

CVE-2006-2005

CVE-2006-2005 affects ClanSys 1.1 (index.php). The vulnerability is an eval injection in the page parameter that allows remote attackers to execute arbitrary PHP code, demonstrated by injecting an include statement into the eval. Some sources describe it as a file inclusion, but the primary issue...