otalCalendar - about.php?inc_dir Remote File Inclusion

otalCalendar - about.php?incdir Remote File Inclusion source: https://www.securityfocus.com/bid/17618/info TotalCalendar is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit...

[SA19726] Internet Photoshow "page" File Inclusion Vulnerability

TITLE: Internet Photoshow "page" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA19726 VERIFY ADVISORY: http://secunia.com/advisories/19726/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Internet Photoshow 1.x http://secunia.com/product/9409/ DESCRIPTION: Hessam...

Directory traversal

Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hubdir parameter, as demonstrated by including accesslog. NOTE: in some cases, arbitrary remot...

CVE-2006-1819

Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hubdir parameter, as demonstrated by including accesslog. NOTE: in some cases, arbitrary remot...

CVE-2006-1819

The CVE-2006-1819 issue affects phpWebSite prior to 0.10.2, where the hub_dir parameter in index.php is not properly validated, enabling local file inclusion via include() and possible PHP code execution. The root cause is inadequate verification of hub_dir, which can allow an attacker to referen...

Monster Top List 1.4 - 'functions.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17546/info Monster Top List is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...

phpWebFTP index.php language Parameter Local File Inclusion

The remote host is running phpWebFTP, a web-based FTP client written in PHP. The version of phpWebFTP installed on the remote host fails to sanitize user-supplied input to the 'language' parameter of the 'index.php' script before using it in a PHP 'include' function. An unauthenticated attacker m...

Monster Top List 1.4 - functions.php Remote File Inclusion

Monster Top List 1.4 - functions.php Remote File Inclusion source: https://www.securityfocus.com/bid/17546/info Monster Top List is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit thi...

phpBB Admin command execution

On a phpBB board, a user having access to the admin panel is able to execute PHP code: This example will execute $usersig as PHP code: Go to Administration Panel Styles Admin Management subSilver Edit Set "Font Colour 3" to "'./" Profile Set Signature to...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when registerglobals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settingsdir parameter...

CVE-2006-1784

PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when registerglobals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settingsdir parameter...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Design & Development Group AZDG AzDGVote allow remote attackers to execute arbitrary PHP code via a URL in the intpath parameter in 1 vote.php, 2 view.php, 3 admin.php, and 4 admin/index.php...

Remote file inclusion

PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the s parameter...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the themepath parameter in 1 index.php, 2 becomeeditor.php, 3 add.php, 4 badlink.php, 5 browse.php, 6 detail.php, 7 fav.php, 8 getrated.php,...

Remote file inclusion

PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath parameter. NOTE: this issue was later reported to affect 2.01 as well...

[SA19630] AzDGVote "int_path" File Inclusion Vulnerabilities

TITLE: AzDGVote "intpath" File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA19630 VERIFY ADVISORY: http://secunia.com/advisories/19630/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: AzDGVote 1.x http://secunia.com/product/9312/ DESCRIPTION: SnIpErSA has discover...

[eVuln] QLnews XSS and PHP Code Insertion Vulnerabilities

New eVuln Advisory: QLnews XSS and PHP Code Insertion Vulnerabilities http://evuln.com/vulns/113/summary.html --------------------Summary---------------- eVuln ID: EV0113 CVE: CVE-2006-1575 CVE-2006-1576 Software: QLnews Sowtware's Web Site: http://www.vscripts.pl/ Versions: 1.2 Critical Level:...

[eVuln] VNews Multiple Vulnerabilities

New eVuln Advisory: VNews Multiple Vulnerabilities http://evuln.com/vulns/112/summary.html --------------------Summary---------------- eVuln ID: EV0112 CVE: CVE-2006-1543 CVE-2006-1544 CVE-2006-1545 Software: VNews Sowtware's Web Site: http://www.vscripts.pl/?id=vnews Versions: 1.2 Critical Level...

[eVuln] [V]Book Multiple Vulnerabilities

New eVuln Advisory: VBook Multiple Vulnerabilities http://evuln.com/vulns/111/summary.html --------------------Summary---------------- eVuln ID: EV0111 CVE: CVE-2006-1561 CVE-2006-1562 CVE-2006-1563 Software: VBook Sowtware's Web Site: http://www.vscripts.pl/?id=vbook2 Versions: 2.0 Critical Leve...

Remote file inclusion

PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter...