7214 matches found
[ECHO_ADV_50$2006]OpenDock Easy Blog <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability
ECHOADV50$2006 ----------------------------------------------------------------------------------------------- ECHOADV50$2006OpenDock Easy Blog =1.4 docdirectory Multiple Remote File Inclusion Vulnerability...
[ECHO_ADV_52$2006]OpenDock Easy Gallery <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability
ECHOADV52$2006 ----------------------------------------------------------------------------------------------- ECHOADV52$2006OpenDock Easy Gallery =1.4 docdirectory Multiple Remote File Inclusion Vulnerability...
OpenDock Easy Blog <=1.4 (doc_directory) File Include Vulnerabilities
Exploit for unknown platform in category web applications ===================================================================== OpenDock Easy Blog =1.4 docdirectory File Include Vulnerabilities ===================================================================== ECHOADV50$2006...
vtiger -- multiple remote file inclusion vulnerabilities
Dedi Dwianto a.k.a theday reports: Input passed to the "$calpath" parameter in update.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources...
PHP Live! <= 3.1 help.php Remote File Inclusion vulnerability
/ -------------------------------------------------------- Neo Security Team NST - Advisory 25 - 08/10/06 -------------------------------------------------------- Program: PHP Live! Homepage: http://www.phplivesupport.com/ Vulnerable Versions: 3.1 and prior Risk: High! Impact: Critical Risk -==PH...
FreeBSD : phpbb -- NULL byte injection vulnerability (86526ba4-53c8-11db-8f1a-000a48049292)
Secunia reports : ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the 'avatarpath' parameter in admin/adminboard.php is not properly sanitised before being used as a configuration variable to store avata...
PixelMotionV2.1.1.txt
!/usr/bin/perl Affected.scr..: Blog Pixel Motion V2.1.1 Poc.ID........: 12060927 Type..........: PHP Code Execution stripslashes, SQL Injection urldecode Risk.level....: High Vendor.Status.: Unpatched Src.download..: www.pixelmotion.org/zip/blog2.1.zip Poc.link......:...
CVE-2006-5115
Directory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the engine parameter, as demonstrated by uploading a file containing PHP code with an image/jpeg content type, and then referencing this file throug...
PT-2006-5892 · Deluxebb · Deluxebb
Name of the Vulnerable Software and Affected Versions: DeluxeBB versions 1.09 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter. This can be exploited by providing a malicious URL to the vulnerable parameter,...
CVE-2006-5115
CVE-2006-5115 describes a directory-traversal in the web app component kgcall.php of KGB 1.87 . An attacker can abuse the engine parameter with a ".." path to trick the app into including and executing arbitrary local files, demonstrated by uploading a PHP-coded image with an image/jpeg content t...
CVE-2006-5126
PHP remote file inclusion vulnerability in index.php in John Himmelman aka DaRk2k1 PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter...
CVE-2006-5137
Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to 1 inject PHP code via a theme array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; 2 inject PHP code via a config array parameter to...
DeluxeBB 1.09 - Sig.php Remote File Inclusion
DeluxeBB 1.09 - Sig.php Remote File Inclusion source: https://www.securityfocus.com/bid/20292/info DeluxeBB is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files...
DeluxeBB 1.09 - 'Sig.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/20292/info DeluxeBB is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it i...
CVE-2006-5093
PHP remote file inclusion vulnerability in index.php in Tagmin Control Center in TagIt! Tagboard 2.1.B Build 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...
CVE-2006-5095
PHP remote file inclusion vulnerability in index.php in MyPhotos 0.1.3b beta allows remote attackers to execute arbitrary PHP code via the includesdir parameter. NOTE: this issue is disputed by CVE on 20060927, since the includesdir is defined before being used when the product is installed...
CVE-2006-5077
PHP remote file inclusion vulnerability in admin/admintopicactionlogging.php in Chris Smith Minerva Build 238 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...
VideoDB <= 2.2.1 (pdf.php) Remote File Include Exploit
Exploit for unknown platform in category web applications ====================================================== VideoDB = 2.2.1 pdf.php Remote File Include Exploit ====================================================== ?php / ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :...
CVE-2006-5085
Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nomblog parameter, which is injected into include/variables.php...
[Full-disclosure] Advisory 06/2006: PHProjekt (Remote) Include Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: PHProjekt Remote Include Vulnerabilities Release Date: 2006/09/29 Last Modified: 2006/09/29 Author: Stefan Esser [email protected] Application: PHProjekt 5.1.1 Severity:...