7213 matches found
Mambo Component LMTG Myhomepage 1.2 - Multiple Remote File Inclusions
Mambo Component LMTG Myhomepage 1.2 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/19584/info The lmtgmyhomepage component for Mambo is prone multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploi...
CVE-2006-4196
PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatesdir parameter...
CVE-2006-4198
PHP remote file inclusion vulnerability in includes/session.php in Wheatblog wB 1.1 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wbclassdir parameter...
CVE-2006-4215
PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0.2 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the autoLoadConfig9990loadFile parameter...
solpot-adv-04.txt
SolpotCrew Community modernbill ver 1.6 DIR Remote File Inclusion Download file : http://freshmeat.net/projects/modernbill/ Bug Found By :Solpot a.k.a k. Hasibuan 03-08-2006 contact: [email protected] Website : http://www.solpotcrew.org/adv/solpot-adv-04.txt Greetz: choi , cow1seng , Ibnusi...
Blog:CMS 4.1 - Dir_Plugins Multiple Remote File Inclusions
Blog:CMS 4.1 - DirPlugins Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/19577/info Blog:CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary...
Zen Cart autoload_func.php autoLoadConfig Array Remote File Inclusion
The version of Zen Cart installed on the remote host fails to sanitize input to the 'autoLoadConfig' array parameter before using it in 'includes/autoloadfunc.php' to include PHP code. Provided PHP's 'registerglobals' setting is enabled, an unauthenticated attacker may be able to exploit these...
CVE-2006-4163
PHP remote file inclusion vulnerability in clsfasttemplate.php in myWebland miniBloggie 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fname parameter. NOTE: another researcher was unable to find a way to execute code after including it via a URL. CVE...
Mambo Component Reporter 1.0 - 'Reporter.sql.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/19553/info Reporter a Mambo component is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute...
Mambo Component Reporter 1.0 - Reporter.sql.php Remote File Inclusion
Mambo Component Reporter 1.0 - Reporter.sql.php Remote File Inclusion source: https://www.securityfocus.com/bid/19553/info Reporter a Mambo component is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to...
Lizge 20 - 'index.php' Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/19533/info Lizge is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in t...
Zen Cart Web Shopping Cart 1.3.0.2 - 'autoload_func.php?autoLoadConfig[999][0][loadFile]' Remote File Inclusion
source: https://www.securityfocus.com/bid/19543/info Zen Cart is prone to multiple remote and local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote and local files containing malicious PHP cod...
Zen Cart Web Shopping Cart 1.3.0.2 - autoload_func.php?autoLoadConfig[999][0][loadFile] Remote File Inclusion
Zen Cart Web Shopping Cart 1.3.0.2 - autoloadfunc.php?autoLoadConfig9990loadFile Remote File Inclusion source: https://www.securityfocus.com/bid/19543/info Zen Cart is prone to multiple remote and local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An...
Lizge 20 - index.php Multiple Remote File Inclusions
Lizge 20 - index.php Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/19533/info Lizge is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote...
GLSA-200608-19 : WordPress: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-200608-19 WordPress: Privilege escalation The WordPress developers have confirmed a vulnerability in capability checking for plugins. Impact : By exploiting a flaw, a user can circumvent WordPress access restrictions when using...
CVE-2006-4085
PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project TSEP 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsepconfigabsPath parameter to pagenavigation.php, a different vector than CVE-2006-4055. NOTE: the provenance of this...
CVE-2006-4076
Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition docpile:we 0.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the INITPATH parameter to 1 lib/access.inc.php, 2 lib/folders.inc.php, 3 lib/init.inc.php or 4 lib/templates.inc.php...
CVE-2006-4077
PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo Valvano Comet WebFileManager CWFM 0.9.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the Language parameter...
CVE-2006-4053
PHP remote file inclusion vulnerability in templates/header.php in ME Download System 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the Vb8878b936c2bd8ae0cab parameter...
WEBinsta Mailing List Manager 1.3 - 'Install3.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/19477/info WEBinsta Mailing List Manager is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and...