Mambo / Joomla! Multiple Components 'mosConfig_live_site' Parameter Remote File Include

A third-party component for Mambo or Joomla! is running on the remote host. At least one such component is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'mosConfiglivesite' parameter before using it to include PHP code. Provided the PHP...

Design/Logic Flaw

Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a 1 UNC share pathname, or a 2 ftp, 3 ftps, or 4 ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs...

CVE-2007-4886

Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a 1 UNC share pathname, or a 2 ftp, 3 ftps, or 4 ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs...

CVE-2007-4886

Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a 1 UNC share pathname, or a 2 ftp, 3 ftps, or 4 ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in WebED in Markus Iser ED Engine 0.8999 alpha allow remote attackers to execute arbitrary PHP code via a URL in the Codebase parameter to 1 channeledit.php, 2 post.php, 3 view.php, or 4 viewitem.php in source/mod/rss/...

Unrestricted file upload

Unrestricted file upload vulnerability in the Restaurante comrestaurante component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under imgoriginal/...

CVE-2007-4817

Unrestricted file upload vulnerability in the Restaurante comrestaurante component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under imgoriginal/...

SolpotCrew Advisory #15 (home_edition2001) - Weblogicnet (files_dir) Remote File Inclusion

Nyubicrew Community Weblogicnet filesdir Remote File Inclusion vendor : http://www.weblogicnet.com/ source : http://weblogicnet.com/data/weblogicnet.tgz Bug Found By :homeedition2001 a.k.a bius 31-08-2007 contact: [email protected] Website : www.solpotcrew.org/adv/homeedition2001-adv-02.txt Greetz:...

Claroline inc/lib/language.lib.php language Parameter Traversal Local File Inclusion

The version of Claroline installed on the remote host fails to sanitize user-supplied input to the 'language' parameter before using it to include PHP code in the 'loadtranslation' method in 'claroline/inc/lib/language.lib.php'. Regardless of PHP's 'registerglobals' setting, an unauthenticated,...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library STPHPLibrary 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the 1 dbconf or 2 ADODBDIR parameter to utils/stphpimageshow.php; or a URL in the STPHPLIBDIR parameter to 3 stphpbutton.php, 4...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library STPHPLibrary 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIBDIR parameter to 1 stphpapplication.php, 2 stphpbtnimage.php, or 3 stphpform.php...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Weblogicnet allow remote attackers to execute arbitrary PHP code via a URL in the filesdir parameter in 1 esdesp.php, 2 escustommenu.php, and 3 esoffer.php...

home_edition2001-adv-02.txt.txt

Nyubicrew Community Weblogicnet filesdir Remote File Inclusion vendor : http://www.weblogicnet.com/ source : http://weblogicnet.com/data/weblogicnet.tgz Bug Found By :homeedition2001 a.k.a bius 31-08-2007 contact: [email protected] Website : www.solpotcrew.org/adv/homeedition2001-adv-02.txt Greetz:...

SolpotCrew Advisory #15 (home_edition2001) - Weblogicnet (files_dir) Remote File Inclusion

Community Weblogicnet filesdir Remote File Inclusion vendor : http://www.weblogicnet.com/ source : http://weblogicnet.com/data/weblogicnet.tgz Bug Found By :homeedition2001 a.k.a bius 31-08-2007 contact: bius22 at mac dot com email concealed Website :...

Weblogicnet (files_dir) Multiple Remote File Inclusion Vulnerabilities

No description provided by source. Nyubicrew Community Weblogicnet filesdir Remote File Inclusion vendor : http://www.weblogicnet.com/ source : http://weblogicnet.com/data/weblogicnet.tgz Bug Found By :homeedition2001 a.k.a bius 31-08-2007 contact: [email protected] Website :...

Weblogicnet - files_dir Multiple Remote File Inclusions

Weblogicnet - filesdir Multiple Remote File Inclusions Nyubicrew Community Weblogicnet filesdir Remote File Inclusion vendor : http://www.weblogicnet.com/ source : http://weblogicnet.com/data/weblogicnet.tgz Bug Found By :homeedition2001 a.k.a bius 31-08-2007 contact: [email protected] Website :...

Weblogicnet (files_dir) Multiple Remote File Inclusion Vulnerabilities

Exploit for unknown platform in category web applications ====================================================================== Weblogicnet filesdir Multiple Remote File Inclusion Vulnerabilities ====================================================================== Nyubicrew Community Weblogicn...

Weblogicnet - 'files_dir' Multiple Remote File Inclusions

Nyubicrew Community Weblogicnet filesdir Remote File Inclusion vendor : http://www.weblogicnet.com/ source : http://weblogicnet.com/data/weblogicnet.tgz Bug Found By :homeedition2001 a.k.a bius 31-08-2007 contact: [email protected] Website : www.solpotcrew.org/adv/homeedition2001-adv-02.txt Greetz:...

Remote file inclusion

PHP remote file inclusion vulnerability in protection.php in ePersonnel RC200402 allows remote attackers to execute arbitrary PHP code via a URL in the logoutpage parameter...

CVE-2007-4608

PHP remote file inclusion vulnerability in protection.php in ePersonnel RC200402 allows remote attackers to execute arbitrary PHP code via a URL in the logoutpage parameter...