OpenPro 1.3.1 - 'search_wA.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/30264/info OpenPro is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow the...

CVE-2008-3184

Multiple cross-site scripting XSS vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO PHPSELF or 2 the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE:...

CVE-2008-3183

PHP remote file inclusion vulnerability in ktmlpro/includes/ktedit/toolbar.php in gapicms 9.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dirDepth parameter...

CVE-2008-3184

Multiple cross-site scripting XSS vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO PHPSELF or 2 the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE:...

yuhhupubs-sql.txt

inurl: browse.groups.php Dork 2 -- inurl:browse.events.php Dork 3 -- browse.music.php Dork 4 -- browse.groups.php / settimelimit0; errorreporting0; echo " Yuhhu Pubs Exploit Coded By RMx USERS EXPLOIT : Örnek :http://www.example.com "; if isset$POST'site' $site=$POST'site';...

Unrestricted file upload

Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier allows remote authenticated users to upload and execute arbitrary PHP code by placing a .php filename in the UploadAvatar parameter and sending the image/gif content type...

CVE-2008-3093

Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier allows remote authenticated users to upload and execute arbitrary PHP code by placing a .php filename in the UploadAvatar parameter and sending the image/gif content type...

CVE-2008-3093

Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier allows remote authenticated users to upload and execute arbitrary PHP code by placing a .php filename in the UploadAvatar parameter and sending the image/gif content type...

Site@School 2.4.10 - FCKeditor Session Hijacking Arbitrary File Upload

Site@School 2.4.10 - FCKeditor Session Hijacking Arbitrary File Upload ?php / ------------------------------------------------------------------------- Site@School = 2.4.10 fckeditor Session Hijacking / File Upload Exploit -------------------------------------------------------------------------...

Site@School 2.4.10 - 'FCKeditor' Session Hijacking / Arbitrary File Upload

?php / ------------------------------------------------------------------------- Site@School = 2.4.10 fckeditor Session Hijacking / File Upload Exploit ------------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 allow remote attackers to execute arbitrary PHP code via a URL in the includeconnection parameter to 1 edittopfeature.php and 2 edittopicsfeature.php in phpi/...

CVE-2008-2981

PHP remote file inclusion vulnerability in admin/templates/templatethumbnail.php in HomePH Design 2.10 RC2, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the thumbtemplate parameter...

Wordtrans-web exec_wordtrans Function Arbitrary Command Execution

The remote host is running wordtrans-web, a web-based front-end for wordtrans, for translating words. The version of wordtrans-web installed on the remote host fails to sanitize input to the 'advanced' parameter of the 'wordtrans.php' script before using it in an 'passthru' statement to execute P...

CVE-2008-2905

PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the CacheLite package in Mambo 4.6.4 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

CVE-2008-2884

PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information...

CVE-2008-2884

PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information...

CVE-2008-2885

PHP remote file inclusion vulnerability in src/browser/resource/categories/resourcecategoriesview.php in Open Digital Assets Repository System ODARS 1.0.2, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CLASSESROOT parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/include/lib.module.php in cmsWorks 2.2 RC4, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the modroot parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroomjmdir parameter. NOTE: some of these details are obtained from third party information...

Seagull PHP Framework 0.6.4 - FCKeditor Arbitrary File Upload

Seagull PHP Framework 0.6.4 - FCKeditor Arbitrary File Upload ?php / ------------------------------------------------------------------------ Seagull PHP Framework = 0.6.4 fckeditor Arbitrary File Upload Exploit ------------------------------------------------------------------------ author...:...