CVE-2006-6830

PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter...

Logahead UNU版本_widged.php远程文件上传及代码执行漏洞

Logahead是一款开源的blog软件，具有tagging、拖放等功能。 Logahead在处理用户请求时存在输入验证漏洞，远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。 Logahead的extras/plugins/widged/widged.php脚本中存在认证绕过漏洞，允许未经认证的攻击者向服务器上传文件。此外，该脚本还没有验证上传文件的扩展名，允许攻击者上传有任意扩展名（如.php）的文件并在服务器上执行任意PHP代码。 Logahead Logahead UNU edition 1.0...

CVE-2006-6887

Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/widged.php aka the WidgEd plugin, a different vulnerability than CVE-2006-6783. NOTE: The provenance of this information is...

CVE-2006-6856

Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit edycja operation, which is then executed via a direct request for this script...

CVE-2006-6809

Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator aka bubla 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 budir or 2 buconfigdir parameter...

CVE-2006-6796

PHP remote file inclusion vulnerability in admin/adminsettings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the insfile parameter...

CVE-2006-6786

Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to 1 subscribe.php or 2 unsubscribe.php...

CVE-2006-6793

PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi Portal 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...

CVE-2006-6786

Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to 1 subscribe.php or 2 unsubscribe.php...

CVE-2006-6793

PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi Portal 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...

CVE-2006-6786

CVE-2006-6786 affects Open Newsletter 2.5 and earlier. The vulnerability enables remote authenticated administrators to execute arbitrary PHP code by inserting code into the email parameter of subscribe.php or unsubscribe.php. This leads to potential code execution with the privileges of the auth...

CVE-2003-1314

PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook EMGB 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgbadminpath parameter...

JAF CMS Forum.PHP远程文件包含漏洞

Salims Softhouse JAF CMS是一款基于PHP的内容管理程序。 Salims Softhouse JAF CMS不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'Forum.PHP'脚本对用户提交的'applAPPL'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 Salims Softhouse JAF CMS 4.0 RC1 Salims Softhouse JAF CMS 3.0 RC Salims Softhouse JAF CMS 2.5 Salims Softhous...

CVE-2006-6739

PHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the HTTPDOCUMENTROOT parameter, a different vector than CVE-2006-6689...

CVE-2006-6732

PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the abs parameter...

CVE-2006-6738

PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

CVE-2006-6727

PHP remote file inclusion vulnerability in inertianewsclass.php in inertianews 0.02 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENTROOT parameter...

Pixel Motion Config.PHP远程命令执行漏洞

Pixel Motion是一款基于PHP的web应用程序。 Pixel Motion不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于‘config. php’脚本对用户提交的web参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 Pixel Motion Pixel Motion 2.1.1 目前没有解决方案提供，请关注以下链接： http://www.pixelmotion.org/ !/usr/bin/perl Affected.scr..: Blog Pixel Motion V2.1.1...

Open Newsletter <= 2.5 Multiple Remote Vulnerabilities Exploit (update)

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "\r\n"; echo "Open Newsletter = 2. Muliple Vulnerabilities\r\n"; echo "Site: http://www.selfexile.com/projects/opennewsletter/\r\n"; echo "Dork: "This is a Free & Open Source mailing list manager"\r\n"; echo "by...

CVE-2006-6694

Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. dot dot in the language parameter, as demonstrated by uploading a .JPG file containing PHP code, then accessing the file via config.php...