7219 matches found
PHP Photo Album <= (0.4.1.16) Multiple Disclosure Vulnerabilities
Exploit for php platform in category web applications ---------------------------------------------------------------- PHP Photo Album = 0.4.1.16 Multiple Disclosure Vulnerabilities ---------------------------------------------------------------- Exploit Title: PHP Photo Album = 0.4.1.16 Multiple...
Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection
-------------------------------------------------------------------- Dolphin = 7.0.7 membermenuqueries.php Remote PHP Code Injection -------------------------------------------------------------------- author...............: EgiX mail.................: n0b0d13satgmaildotcom software link........:...
FreeBSD : phpLDAPadmin -- Remote PHP code injection vulnerability (edf47177-fe3f-11e0-a207-0014a5e3cda6)
EgiX n0b0d13s at gmail dot com reports : The $sortby parameter passed to 'masort' function in file lib/functions.php isn't properly sanitized before being used in a call to createfunction at line 1080. This can be exploited to inject and execute arbitrary PHP code. The only possible attack vector...
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (1)
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection 1 ?php / ------------------------------------------------------------------------ phpLDAPadmin = 1.2.1.1 queryengine Remote PHP Code Injection Exploit ------------------------------------------------------------------------ author...............:...
phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection
Exploit for php platform in category web applications ?php / ------------------------------------------------------------------------ phpLDAPadmin = 1.2.1.1 queryengine Remote PHP Code Injection Exploit ------------------------------------------------------------------------ author..................
Joomla NoNumber! Extension Manager Plugin Local File Include and PHP code Injection Vulnerabilities
NoNumber! Extension Manager is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user- supplied input. An attacker can exploit these issues to inject arbitrary PHP code and include and execute arbitrary files from the vulnerable system in the context of the...
MODx < 2.0.3-pl class_key Parameter Local File Inclusion
The version of MODx installed on the remote host fails to sanitize user-supplied input to the 'classkey' parameter of the 'manager/controllers/default/resource/tvs.php' script before using it to include PHP code. Using a specially crafted request, a remote, unauthenticated attacker may be able to...
Joomla NoNumber! Extension Manager Plugin LFI and PHP Code Injection Vulnerabilities (Nov 2011) - Active Check
NoNumber! Extension Manager is prone to multiple input validation vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to inject arbitrary PHP code and include and execute arbitrary files from the vulnerable system in the context of the...
Dolphin 7.0.7 PHP Code Injection
$aItems 8...
Dolphin 7.0.7 - member_menu_queries.php Remote PHP Code Injection
Dolphin 7.0.7 - membermenuqueries.php Remote PHP Code Injection ?php / ---------------------------------------------------------------------------- Dolphin = 7.0.7 membermenuqueries.php Remote PHP Code Injection Exploit ----------------------------------------------------------------------------...
Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection
Exploit for php platform in category web applications ?php / ---------------------------------------------------------------------------- Dolphin = 7.0.7 membermenuqueries.php Remote PHP Code Injection Exploit ----------------------------------------------------------------------------...
5w five-dimensional Site Navigation v8. 0 vulnerabilities and fixes-vulnerability warning-the black bar safety net
// upload\i\index.php ? php //Slightly $controller = ! empty$GET'c' ? $GET'c' : 'index'; $action = ! empty$GET'a' ? $GET'a' : 'index'; // //cookie to automatically log and determines the uri if isset$COOKIE'cUser' && $COOKIE'cUser''userID' != 0 $userID = GetCUserID; $domain = GetCUserDomain; $sql...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the classpath parameter to 1 file.php or 2 comdel.php...
CVE-2010-4924
PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed by a reliable third party...
CVE-2010-4914
PHP remote file inclusion vulnerability in tools/phpmailer/class.phpmailer.php in PHP Classifieds 7.3 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter...
CVE-2010-4918
PHP remote file inclusion vulnerability in iJoomla Magazine commagazine component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php...
Remote file inclusion
PHP remote file inclusion vulnerability in tools/phpmailer/class.phpmailer.php in PHP Classifieds 7.3 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter...
CVE-2010-4918
PHP remote file inclusion vulnerability in iJoomla Magazine commagazine component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php...
CVE-2010-4918
CVE-2010-4918 affects the Joomla! extension iJoomla Magazine (com_magazine) version 3.0.1, where a PHP Remote File Inclusion (RFI) vulnerability in magazine.functions.php allows an attacker to execute arbitrary PHP code via the config parameter in a URL. The underlying issue is an unchecked confi...
CVE-2010-4878
PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the scriptpfad parameter...