CVE-2002-2134

haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP code by modifying the dirroot parameter to reference a URL on a remote web server that contains the code in a lang.php file...

CVE-2002-2128

editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. dot dot sequences in the file parameter...

CVE-2002-2128

CVE-2002-2128 affects editform.php in w-Agora 4.1.5, enabling local users to run arbitrary PHP code via .. sequences in the file parameter (path traversal). Documented by NVD and Red Hat/CVE listings; CVSSv2 base score 4.6 (LOCAL access, LOW attack complexity, PARTIAL confidentiality/integrity/av...

CVE-2003-1251

CVE-2003-1251 affects the N/X Web Content Management System. The vulnerable scripts are (1) menu.inc.php, (2) datasets.php, and (3) mass_operations.inc.php (often misspelled as mass_opeations.inc.php). The vulnerability arises from a remote-file-include flaw where a c_path references a URL on a r...

CVE-2003-1241

Cross-site scripting vulnerability XSS in 1 adminindex.php, 2 adminpass.php, 3 adminmodif.php, and 4 adminsuppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via...

CVE-2002-2130

publishxpdocs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERYBASEDIR parameter to reference a URL on a remote web server that contains the code...

CVE-2003-1256

afflistelangue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the repinclude parameter to reference a URL on a remote web server that contains paralangue.php...

CodeGrrl Applications Remote File Inclusion Vulnerabilities

The remote host appears to be running at least one of the PHP applications from CodeGrrl - PHPCalendar, PHPClique, PHPFanBase, or PHPQuotes. Under certain conditions, these applications fail to sanitize input to the 'siteurl' parameter of the 'protection.php' script before using it in a PHP...

Exponent CMS < 0.96.4 Multiple Remote Vulnerabilities (XSS, SQLi, Code Exe, Disc)

The remote host is running Exponent CMS, an open source content management system written in PHP. The version of Exponent CMS installed on the remote host fails to sanitize input to the 'id' parameter of the resource module before using it in database queries. An unauthenticated attacker can...

Alstrasoft Template Seller Pro 3.25 - Remote File Inclusion

source: https://www.securityfocus.com/bid/15441/info Template Seller Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code on an...

Alstrasoft Template Seller Pro 3.25 - Remote File Inclusion

Alstrasoft Template Seller Pro 3.25 - Remote File Inclusion source: https://www.securityfocus.com/bid/15441/info Template Seller Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit...

OSTE 1.0 - Remote File Inclusion

OSTE 1.0 - Remote File Inclusion source: https://www.securityfocus.com/bid/15340/info OSTE is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PH...

CuteNews Multiple Script Traversal Privilege Escalation

The version of CuteNews installed on the remote host fails to sanitize input to the 'template' parameter of the 'showarchives.php' and 'shownews.php' scripts. An attacker can exploit this issue to read arbitrary files and possibly even execute arbitrary PHP code on the remote host, subject to the...

Calendarix Advanced <= 1.5 Multiple Vulnerabilities - Active Check

Calendarix is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2005 Josh Zlatin-Amishav Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

phpGedView Code injection Vulnerability

The remote host is running phpGedView, a set of CGI scripts which parse GEDCOM 5.5 genealogy files and display them on the internet in a format similar to desktop programs. There are multiple vulnerabilities in this product : - A path disclosure vulnerability, which will give more information abo...

osTicket < 1.2.7 Attachment Code Execution Vulnerability - Active Check

The target is running at least one instance of osTicket that enables a remote user to open a new ticket with an attachment containing arbitrary PHP code and then to run that code using the permissions of the web server user. SPDX-FileCopyrightText: 2005 George A. Theall Some text descriptions mig...

CVE-2005-3420

usercpregister.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signaturebbcodeuid parameter, as demonstrated by injecting an "e" modifier into a pregreplace statement...

CVE-2005-3420

usercpregister.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signaturebbcodeuid parameter, as demonstrated by injecting an "e" modifier into a pregreplace statement...

PHP iCalendar index.php phpicalendar Parameter Remote File Inclusion

The remote host appears to be running PHP iCalendar, a web-based iCal file viewer / parser written in PHP. The version of PHP iCalendar installed on the remote host fails to sanitize the 'phpicalendar' cookie before using it in 'index.php' to include PHP code from a separate file. By leveraging...

CVE-2005-3304

Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via 1 the username parameter in the Your Account page, 2 the url parameter in the Downloads module, and 3 the description parameter in the WebLinks module...