
7218 matches found

Cvelist
added 2007/08/08 11:0 p.m. | 19 views

CVE-2007-4262

Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/...

AI score: 7.2 | EPSS: 0.01778
Exploits: 0 | References: 7
CVE
added 2007/08/08 11:0 p.m. | 37 views

CVE-2007-4262

EZPhotoSales 1.9.3 and earlier has an unrestricted file upload vulnerability that lets remote authenticated administrators upload and execute arbitrary PHP code under the OnlineViewing/galleries/ path. The root cause is unrestricted file upload enabling code execution, allowing an admin with vali...

CVSS: 8.5 | AI score: 7.2 | EPSS: 0.01778
Exploits: 0 | References: 7 | Affected Software: 1
Prion
added 2007/08/08 1:17 a.m. | 17 views

Sql injection

Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2)...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.11306
Exploits: 1 | References: 4 | Affected Software: 1
Prion
added 2007/08/08 1:17 a.m. | 13 views

Remote file inclusion

PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a...

CVSS: 6.8 | AI score: 7.8 | EPSS: 0.01553
Exploits: 1 | References: 5 | Affected Software: 1
Prion
added 2007/08/08 1:17 a.m. | 14 views

Unrestricted file upload

Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1.1 and earlier allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .gif.php, which is accessible from data/documents/...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.01353
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2007/08/08 1:17 a.m. | 14 views

CVE-2007-4182

Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1.1 and earlier allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .gif.php, which is accessible from data/documents/...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.01353
Exploits: 0 | References: 4
CVE
added 2007/08/08 1:11 a.m. | 54 views

CVE-2007-4187

CVE-2007-4187 affects Joomla! 1.5 beta before RC1 (Mapya). The vulnerability stems from multiple eval-injection flaws in the com_search component, specifically related to the searchword parameter being passed to eval() via default_results.php (1) components/com_search/views/search/tmpl/ and (2) t...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.11306
Exploits: 1 | References: 4 | Affected Software: 1
Prion
added 2007/08/07 10:17 a.m. | 14 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) include parameter to (a) Main.php and (b) get.php and the (2) exec parameter to (c) count.php...

CVSS: 10 | AI score: 8.2 | EPSS: 0.0215
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2007/08/07 10:17 a.m. | 13 views

CVE-2007-4170

Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) include parameter to (a) Main.php and (b) get.php and the (2) exec parameter to (c) count.php...

CVSS: 10 | AI score: 7.7 | EPSS: 0.0215
Exploits: 0 | References: 3
NVD
added 2007/08/07 10:17 a.m. | 12 views

CVE-2007-4167

PHP remote file inclusion vulnerability in catviewed.php in AL-Caricatier 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the CatName parameter...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.01362
Exploits: 0 | References: 4
xssed
added 2007/08/03 12:0 a.m. | 13 views

Unfixed XSS vulnerability at www.madridteacher.com

Security researcher zuppergazi has submitted on 08/03/2007 a cross-site scripting (XSS) vulnerability affecting www.madridteacher.com, which at the time of submission ranked 234111 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/03/2007. It i...

AI score: 6.6
Exploits: 0 | References: 1
Prion
added 2007/08/01 4:17 p.m. | 12 views

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in phpWebFileManager 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the PNPathPrefix parameter. NOTE: this issue is disputed by a reliable third party, who demonstrates that PNPathPrefix is defined before use...

CVSS: 6.8 | AI score: 7.7 | EPSS: 0.01349
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2007/08/01 4:17 p.m. | 18 views

CVE-2007-4120

Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functionscron.php, and the (3) specialtemplates parameter to...

CVSS: 9.3 | AI score: 7.6 | EPSS: 0.02145
Exploits: 1 | References: 4
Prion
added 2007/07/30 8:17 p.m. | 17 views

Remote file inclusion

PHP remote file inclusion vulnerability in library/authorize.php in IDevSpot PhpHostBot allows remote attackers to execute arbitrary PHP code via a URL in the loginform parameter, a different vector than CVE-2006-3776...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.03229
Exploits: 2 | References: 3
NVD
added 2007/07/30 5:30 p.m. | 19 views

CVE-2007-4057

Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio 121 and earlier allows remote authenticated users to upload arbitrary PHP code via a filename ending with (1) .php.gif, (2) .php.jpg, or (3) .php.png...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.0207
Exploits: 0 | References: 4
exploitpack
added 2007/07/30 12:0 a.m. | 23 views

Global Centre Aplomb Poll 1.1 - admin.php?Madoa Remote File Inclusion

source: https://www.securityfocus.com/bid/25138/info
Aplomb Poll is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these...

Exploits: 0
exploitpack
added 2007/07/30 12:0 a.m. | 25 views

Global Centre Aplomb Poll 1.1 - index.php?Madoa Remote File Inclusion

source: https://www.securityfocus.com/bid/25138/info
Aplomb Poll is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these...

Exploits: 0
Exploit DB
added 2007/07/30 12:0 a.m. | 34 views

Global Centre Aplomb Poll 1.1 - 'index.php?Madoa' Remote File Inclusion

source: https://www.securityfocus.com/bid/25138/info
Aplomb Poll is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code...

AI score: 7.4
Exploits: 0
Tenable Nessus
added 2007/07/28 12:0 a.m. | 17 views

RaidenHTTPD workspace.php ulang Parameter Local File Inclusion

Binary data 5103.prm...

CVSS: 10 | AI score: 7.3 | EPSS: 0.05191
Exploits: 1 | References: 4
Prion
added 2007/07/26 7:30 p.m. | 21 views

Design/Logic Flaw

epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information...

CVSS: 6.8 | AI score: 8.2 | EPSS: 0.01165
Exploits: 0 | References: 4 | Affected Software: 1