7217 matches found

Exploit DB
added 2007/02/16 12:0 a.m. | 21 views

Meganoide's News 1.1.1 - 'Include.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/22589/info Meganoide's news is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process. This issue...

7.4 AI score
Exploits: 0
Exploit DB
added 2007/02/16 12:0 a.m. | 26 views

CedStat 1.31 - 'index.php?hier' Cross-Site Scripting

source: https://www.securityfocus.com/bid/22588/info CedStat is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process. This issue affects...

7.4 AI score
Exploits: 0
Prion
added 2007/02/13 8:28 p.m. | 14 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tagprocess.php, and (c) CONFIG/errmsg.inc.php; and (d)...

7.5 CVSS | 7.8 AI score | 0.10143 EPSS
Exploits: 0 | References: 20 | Affected Software: 1
Cvelist
added 2007/02/12 11:0 p.m. | 23 views

CVE-2006-7003

PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter...

7.5 AI score | 0.01286 EPSS
Exploits: 1 | References: 2
Prion
added 2007/02/12 7:28 p.m. | 13 views

Unrestricted file upload

Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php...

7.5 CVSS | 7.6 AI score | 0.02909 EPSS
Exploits: 1 | References: 6
Cvelist
added 2007/02/12 7:0 p.m. | 21 views

CVE-2007-0871

Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php...

7.1 AI score | 0.02909 EPSS
Exploits: 1 | References: 6
securityvulns
added 2007/02/11 12:0 a.m. | 61 views

eXtreme File Hosting remote file upload vulnerability

A security bug has been discovered in eXtreme File Hosting, which can be used to upload the attacker's files and get a shell with phpshell. Bug: in this program, with PHP, a user can upload zip or rar files; a hacker can upload an a.php.rar file that contains <?php $file = 'http://sample.com/evilefile.php';...

7.3 AI score
Exploits: 0
Prion
added 2007/02/09 1:28 a.m. | 9 views

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the GNPREALPATH parameter. NOTE: CVE and a third party dispute this issue, since GNPREALPATH is a constant, not a variable...

6.8 CVSS | 7.8 AI score | 0.01115 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2007/02/08 6:0 p.m. | 25 views

CVE-2007-0850

scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panelcronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename...

7.5 AI score | 0.02612 EPSS
Exploits: 1 | References: 6
Prion
added 2007/02/08 12:28 a.m. | 15 views

Remote file inclusion

PHP remote file inclusion vulnerability in examples/inc/top.inc.php in AgerMenu 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter...

7.5 CVSS | 8 AI score | 0.03247 EPSS
Exploits: 1 | References: 7 | Affected Software: 1
NVD
added 2007/02/08 12:28 a.m. | 18 views

CVE-2007-0839

Multiple PHP remote file inclusion vulnerabilities in index/indexalbum.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) PLIB and (2) PINDEX parameters...

7.5 CVSS | 7.7 AI score | 0.03265 EPSS
Exploits: 1 | References: 7
Prion
added 2007/02/07 10:28 p.m. | 9 views

Remote file inclusion

PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dateiennews parameter...

7.5 CVSS | 8 AI score | 0.02785 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2007/02/07 10:28 p.m. | 17 views

CVE-2007-0831

Multiple PHP remote file inclusion vulnerabilities in Atsphp 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the CONFpath parameter to (1) index.php, (2) sources/usercp.php, or (3) sources/admin.php. NOTE: Another researcher has disputed this vulnerability, noting that CONFpath ...

7.5 CVSS | 7.6 AI score | 0.01209 EPSS
Exploits: 0 | References: 2
Prion
added 2007/02/07 11:28 a.m. | 11 views

Directory traversal

Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file...

7.5 CVSS | 7.5 AI score | 0.02421 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2007/02/07 11:0 a.m. | 21 views

CVE-2007-0808

PHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script...

7.6 AI score | 0.01348 EPSS
Exploits: 0 | References: 3
Cvelist
added 2007/02/07 11:0 a.m. | 17 views

CVE-2007-0809

PHP remote file inclusion vulnerability in includes/classtemplate.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

7.5 AI score | 0.03279 EPSS
Exploits: 0 | References: 6
CVE
added 2007/02/07 11:0 a.m. | 55 views

CVE-2007-0804

GGCMS 1.1.0 RC1 and earlier suffer a directory traversal flaw in admin/subpages.php. The subpageName parameter can include ".." sequences to traverse the filesystem and inject arbitrary PHP code into a template file, enabling remote code execution on the affected host. CVSS 2.0 base score 7.5 (HI...

7.5 CVSS | 7 AI score | 0.02421 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2007/02/06 7:0 p.m. | 23 views

CVE-2007-0785

PHP remote file inclusion vulnerability in previewtheme.php in Flipsource Flip 2.01-final 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter...

7.5 AI score | 0.68305 EPSS
Exploits: 2 | References: 5
Prion
added 2007/02/06 2:28 a.m. | 18 views

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...

7.5 CVSS | 8 AI score | 0.03247 EPSS
Exploits: 1 | References: 7 | Affected Software: 1
NVD
added 2007/02/06 2:28 a.m. | 14 views

CVE-2007-0762

PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

7.5 CVSS | 7.5 AI score | 0.03247 EPSS
Exploits: 1 | References: 7