2271 matches found
ACal embed/day.php path Parameter Remote File Inclusion
The remote host is running ACal, an open source, web-based event calendar written in PHP. The version of ACal installed on the remote host fails to sanitize user-supplied input to the 'path' parameter of the 'embed/day.php' script before using it in PHP 'include' functions. Provided PHP's...
CVE-2006-2335
Jelsoft vBulletin accepts uploads of Cascading Style Sheets CSS and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...
CVE-2006-2335
Jelsoft vBulletin accepts uploads of Cascading Style Sheets CSS and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...
CVE-2006-2281
X-Scripts X-Poll xpoll 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it...
ISPConfig 2.2.22.2.3 - Session.INC.php Remote File Inclusion
ISPConfig 2.2.22.2.3 - Session.INC.php Remote File Inclusion source: https://www.securityfocus.com/bid/17909/info ISPConfig is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this iss...
ISPConfig 2.2.2/2.2.3 - 'Session.INC.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/17909/info ISPConfig is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...
x7chatphp.txt
!/usr/bin/php -q -d shortopentag=on works regardless of magicquotesgpc settings\r\n"; echo " if avatar uploads are enabled default\r\n"; echo "dork: intitle:"X7 Chat Help Center" | "Powered By X7 Chat"\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host:...
CVE-2006-2149
PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIGpath parameter, as demonstrated by including a GIF that contains PHP code...
Fast Click SQL Lite 1.1.21.1.3 - show.php Remote File Inclusion
Fast Click SQL Lite 1.1.21.1.3 - show.php Remote File Inclusion source: https://www.securityfocus.com/bid/17819/info Fast Click SQL Lite is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can...
X7 Chat 2.0 - help_file Remote Command Execution
X7 Chat 2.0 - helpfile Remote Command Execution !/usr/bin/php -q -d shortopentag=on works regardless of magicquotesgpc settings\r\n"; echo " if avatar uploads are enabled default\r\n"; echo "dork: intitle:"X7 Chat Help Center" | "Powered By X7 Chat"\r\n\r\n"; if $argc4 echo "Usage: php...
CVE-2006-2129
Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...
DMCounter 0.9.2 -b - Kopf.php Remote File Inclusion
DMCounter 0.9.2 -b - Kopf.php Remote File Inclusion source: https://www.securityfocus.com/bid/17756/info DMCounter is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...
DMCounter 0.9.2 -b - 'Kopf.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/17756/info DMCounter is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...
Remote file inclusion
PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via 1 README.html or 2 HEADER.html...
CVE-2006-2098
PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via 1 README.html or 2 HEADER.html...
CoolMenus 4.0 - index.php Remote File Inclusion
CoolMenus 4.0 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/17738/info CoolMenus is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include...
I-RATER Platinum - Config_settings.TPL.php Remote File Inclusion
I-RATER Platinum - Configsettings.TPL.php Remote File Inclusion source: https://www.securityfocus.com/bid/17731/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploi...
Artmedic Event - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/17736/info Artmedic Event is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...
Code injection
actionpublic/search.php in Invision Power Board IPB 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "e" execute modifier...
CVE-2006-2005
CVE-2006-2005 affects ClanSys 1.1 (index.php). The vulnerability is an eval injection in the page parameter that allows remote attackers to execute arbitrary PHP code, demonstrated by injecting an include statement into the eval. Some sources describe it as a file inclusion, but the primary issue...