7218 matches found
CVE-2008-6402
PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the moddir parameter...
Mandrake Security Advisory MDVSA-2009:052 (php-smarty)
The remote host is missing an update to php-smarty announced via advisory MDVSA-2009:052. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR...
CVE-2008-6305
PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the APIHOMEDIR parameter...
CVE-2008-6251
PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter...
Pyrophobia 2.1.3.1 LFI Command Execution Exploit
Exploit for unknown platform in category web applications. Pyrophobia 2.1.3.1 LFI Command Execution Exploit. #!/usr/bin/perl...
CVE-2009-0673
Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...
CVE-2008-6223
PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior WOTW 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php...
Code injection
Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of these details are obtained from third party...
CVE-2008-6206
Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENTROOT parameter to (1) graph.php and (2) robotstats.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...
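RavenNuke avartarlist.php Module PHP Code Injection Vulnerability
BUGTRAQ ID: 33787 RavenNuke is a PHP- and MySQL-based automated news publishing and content management system. The avatarlist.php module in RavenNuke does not properly validate the patterns and replacements parameters passed to the preg_replace call, so a remote attacker can submit a malicious request to the server that results in injection and execution of arbitrary PHP code. The following is the vulnerable code segment: $patterns0 = '/.gif/'; $patterns1 = '/.png/'; ... $replacements1 = ''; $replacements0 = ''; ... $entryname =...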
lastRSS autoposting bot MOD 0.1.3 - phpbb_root_path Remote File Inclusion
lastRSS autoposting bot MOD 0.1.3 - phpbb_root_path Remote File Inclusion source: https://www.securityfocus.com/bid/33843/info lastRSS autoposting bot MOD is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit...
PHCDownload 1.1.0 Vulnerabilities
A file content management and manipulation system unlike any other available on the market today, with unique innovations, tools, and design, customising and producing your database is made easy. PHCDownload has been designed for integration into existing websites with its highly customisable...
lastRSS autoposting bot MOD 0.1.3 - 'phpbb_root_path' Remote File Inclusion
source: https://www.securityfocus.com/bid/33843/info lastRSS autoposting bot MOD is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP co...
CVE-2009-0643
CVE-2009-0643 describes a static code injection in Simple PHP News 1.0 final. An attacker can inject arbitrary PHP code into news.txt via the post parameter and then trigger execution by requesting display.php, indicating a combination of unsafe input handling and file-based code execution...
CVE-2009-0643
Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of these details are obtained from third party...
Code injection
Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is...
RavenNuke 2.3.0 Multiple Remote Vulnerabilities
No description provided by source. waraxe-2009-SA072 - Multiple Vulnerabilities in RavenNuke 2.3.0 =============================================================================== Author: Janek Vind "waraxe" Date: 16. February 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-72.htm...
RavenNuke 2.3.0 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. RavenNuke 2.3.0 Multiple Remote Vulnerabilities. waraxe-2009-SA072 - Multiple Vulnerabilities in RavenNuke 2.3.0...
CVE-2008-6138
PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathdocroot parameter...