7218 matches found
e107 download.php extract() Function Variable Overwrite
The version of e107 installed on the remote host contains an unsafe call to 'extract' in the 'download.php' script. An unauthenticated, remote attacker can leverage this issue to overwrite arbitrary PHP variables, leading to arbitrary PHP code execution, SQL injection, as well as other sorts of...
Pligg settemplate.php template Parameter Local File Inclusion
The remote host is running Pligg, an open source content management system. The installed version of Pligg fails to sanitize the 'template' cookie before using it in 'config.php' to include PHP code. An unauthenticated, remote attacker can exploit this issue to view arbitrary files or even execut...
H0tturk Panel - gizli.php Remote File Inclusion
H0tturk Panel - gizli.php Remote File Inclusion source: https://www.securityfocus.com/bid/30468/info H0tturk Panel is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file...
H0tturk Panel - 'gizli.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/30468/info H0tturk Panel is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the...
Remote file inclusion
PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter...
Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection
Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection GulfTech Security Research July 30, 2008 Vendor : Pligg LLC URL : http://www.pligg.com/ Version : Pligg alertdocument.cookie; The above example link would display the end users cookie to them. Of course this can also be use...
Pligg CMS 9.9.0 - Remote Code Execution
Pligg CMS 9.9.0 - Remote Code Execution !/usr/bin/perl -w use LWP::UserAgent; use MIME::Base64; use Digest::MD5 qwmd5hex; use Getopt::Std; getopts'h:', %args; print "\n"; print " Pligg new; $http-agent'Mozilla/5.0 Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1 Gecko/2008070208 Firefox/3.0.1';...
Remote file inclusion
PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter...
Code injection
SocialEngine SE before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code...
CVE-2008-3298
SocialEngine SE before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code...
CVE-2008-3298
SocialEngine SE before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code...
EZContents - minicalendar.php Remote File Inclusion
EZContents - minicalendar.php Remote File Inclusion source: https://www.securityfocus.com/bid/30373/info ezContents CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in...
EZContents - 'minicalendar.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/30373/info ezContents CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allo...
Flip 3.0 - config.php Remote File Inclusion
Flip 3.0 - config.php Remote File Inclusion source: https://www.securityfocus.com/bid/30312/info Flip is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of th...
Flip 3.0 - 'config.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/30312/info Flip is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow the...
CVE-2008-3207
PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the 1 sourceFolder or 2 moduleFolder parameter...
fuzzylime (cms) comssrss.php files[] Parameter Traversal Local File Inclusion
The remote host is running fuzzylime cms, a PHP-based content management system. The version of fuzzylime cms installed on the remote host fails to sanitize user-supplied input to the 'files' parameter of the 'commsrss.php' script before using it to include PHP code. Regardless of PHP's...
Community CMS 0.1 - include.php Remote File Inclusion
Community CMS 0.1 - include.php Remote File Inclusion source: https://www.securityfocus.com/bid/30275/info Community CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code i...
Community CMS 0.1 - 'include.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/30275/info Community CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow...
OpenPro 1.3.1 - search_wA.php Remote File Inclusion
OpenPro 1.3.1 - searchwA.php Remote File Inclusion source: https://www.securityfocus.com/bid/30264/info OpenPro is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the...