CVE-2009-3056

PHP remote file inclusion vulnerability in include/engine/content/elements/menu.php in KingCMS 0.6.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIGAdminPath parameter...

Sql injection

SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO...

CVE-2008-7153

SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Specimen Image Database SID, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to 1 client.php or 2 taxonservice.php...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code...

CVE-2008-7151

Cross-site request forgery CSRF vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code...

Code injection

Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte %00 in the login parameter in an ajout action, which bypasses the regular expression check...

Design/Logic Flaw

Unspecified vulnerability in the Manage Templates feature in Qsoft K-Rate Premium allows remote attackers to execute arbitrary PHP code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2008-7099

Unspecified vulnerability in the Manage Templates feature in Qsoft K-Rate Premium allows remote attackers to execute arbitrary PHP code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2008-7099

Unspecified vulnerability in the Manage Templates feature in Qsoft K-Rate Premium allows remote attackers to execute arbitrary PHP code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2008-7099

CVE-2008-7099 concerns a vulnerability in the Manage Templates feature of Qsoft K-Rate Premium that could allow remote attackers to execute arbitrary PHP code. The available sources identify the affected product as Qsoft K-Rate Premium and specify the vulnerability as arising in the Manage Templa...

CVE-2008-7087

PHP remote file inclusion vulnerability in searchwA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter...

SA-CONTRIB-2009-054 - Go - url redirects - Multiple vulnerabilities

The Go - url redirects gotwo module adds the option to add redirected URLs. This module was found to have multiple vulnerabilities. Arbitrary PHP code execution Due to improper use of the PCRE regular expression engine, users with permission to use the input filter provided by the module are able...

eLinks SQL Injection / XSS / LFI

===================================================================== eLinks Vulnerabilities blind sql inj / xss / LFI by Inj3ct0r.com ===================================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ ...

Sphider 1.4.3 Command Execution

=============================== sphider Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 0 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1 + Discovered By : Inj3ct0r + Site : Inj3ct0r.com + support e-mail : submitatinj3ct0r.com Username and...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/plugins/OnlineUsers/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSPTConfigdirdata parameter...

CVE-2008-7073

PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web Ma,esher, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter...

CVE-2008-7067

The CVE-2008-7067 issue affects PageTree CMS 0.0.2 BETA 0001, where a PHP remote file inclusion is possible through the parameter GLOBALS[PT_Config][dir][data] in admin/plugins/Online_Users/main.php. This allows an attacker to execute arbitrary PHP code on the server. The vulnerability is evidenc...

GLSA-200908-09 : DokuWiki: Local file inclusion

The remote host is affected by the vulnerability described in GLSA-200908-09 DokuWiki: Local file inclusion girex reported that data from the 'configcascade' parameter in inc/init.php is not properly sanitized before being used. Impact : A remote attacker could exploit this vulnerability to execu...

CVE-2008-7005

include/modules/top/1-randomquote.php in Minb Is Not a Blog minb 0.1.0 allows remote attackers to execute arbitrary PHP code via the quotestoedit parameter. NOTE: this issue has been reported as an unrestricted file upload by some sources, but that is a potential consequence of code execution...