Command injection
ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it coul...
CVE-2007-5294
PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0-beta aka Phoenix allows remote attackers to execute arbitrary PHP code via a URL in the siteabsolutepath parameter...
CVE-2007-5307
ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it coul...
LightBlog 8.4.1.1 Remote Code Execution Exploit
No description provided by source. #!/usr/bin/php -q -d short_open_tag=on <? echo " LightBlog 8.4.1.1 Remote Code Execution Exploit by BlackHawk http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love "; if ($argc<3) echo "Usage: php ".$argv[0]." Host...
CVE-2007-5178
contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter...
CVE-2007-5178
The CVE describes a vulnerability in the mx_glance 2.3.3 module for mxBB where a missing delimiter inside a security check placed within a comment enables remote file inclusion (RFI) and arbitrary PHP code execution via a URL in the mx_root_path parameter. Affected software is mx_glance 2.3.3 for...
Design/Logic Flaw
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php."...
Remote file inclusion
PHP remote file inclusion vulnerability in includes/functions/layout.php in Nexty 1.01.A Beta allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct...
CVE-2007-5167
PHP remote file inclusion vulnerability in .systeme/fonctions.php in phpLister 0.5-pre2 allows remote attackers to execute arbitrary PHP code via a URL in the nomrepsysteme parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in includes/archive/archivetopic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre Contenido 42VariablVersion 42VV10 in contenidohacks in Mods 4 Xoops Contenido eZ publish pdf4cms allow remote attackers to execute arbitrary PHP code via a URL in the cfgPathInc parameter to (1) mainupl.php, (2) mainconeditside.php, (3)...
CVE-2007-5115
Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre Contenido 42VariablVersion 42VV10 in contenidohacks in Mods 4 Xoops Contenido eZ publish pdf4cms allow remote attackers to execute arbitrary PHP code via a URL in the cfgPathInc parameter to (1) mainupl.php, (2) mainconeditside.php, (3)...
CVE-2007-5114
PHP remote file inclusion vulnerability in include/plugin/block.t.php in Peter Schmidt phpmyProfiler 0.9.6b allows remote attackers to execute arbitrary PHP code via a URL in the pmprelpath parameter. NOTE: this issue is disputed by CVE because the applicable require_once is in a function that is...
Remote file inclusion
PHP remote file inclusion vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...
CVE-2007-5100
Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) language/langgerman/langadminalbum.php, (2)...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the gsLanguage parameter to (1) search/search.php, (2) poll/inlinepoll.php, (3) poll/showpoll.php, (4) links/showlinks.php, or (5) links/submitlinks.php in...
CVE-2007-5053
Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the adminhome parameter to modules/poll/pollsummary.php or (2) the rootdp parameter to include/db.php; or a URL in the languagehome parameter to (3)...
Remote file inclusion
PHP remote file inclusion vulnerability in html/modules/extranetprofile/main.php in openEngine 1.9 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the thismodulepath parameter. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a...