MF Piadas 1.0 - 'admin.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/18679/info MF Piadas is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the...

CrisoftRicette 1.0 - 'Cookbook.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/18674/info CrisoftRicette is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...

[ECHO_ADV_34$2006] W-Agora (Web-Agora) <= 4.2.0 (inc_dir) Remote File Inclusion

ECHO.OR.ID ECHOADV34$2006 --------------------------------------------------------------------------------------------------- ECHOADV34$2006 W-Agora Web-Agora = 4.2.0 incdir Remote File Inclusion ---------------------------------------------------------------------------------------------------...

CVE-2006-3173

Multiple PHP remote file inclusion vulnerabilities in ContentBuilder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the 1 pathcb parameter to a libraries/comment/postComment.php and b modules/poll/poll.php, 2 rel parameter to c modules/archive/overview.inc.php, and the 3...

CVE-2006-3172

Multiple PHP remote file inclusion vulnerabilities in ContentBuilder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL with a trailing slash / character in the 1 langpath parameter to a cms/plugins/colman/column.inc.php, b cms/plugins/poll/poll.inc.php, c...

[SA20713] CMS Faethon "mainpath" File Inclusion and Cross-Site Scripting Vulnerabilities

---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerabilit...

Code injection

CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files...

CVE-2006-2931

CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files...

CVE-2006-3102

Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the modmime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles...

RahnemaCo - page.php PageID Remote File Inclusion

RahnemaCo - page.php PageID Remote File Inclusion source: https://www.securityfocus.com/bid/18490/info RahnemaCo is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of t...

PictureDis Products "lang" Parameter File Inclusion Vulnerability

PictureDis Products "lang" Parameter File Inclusion Vulnerability ================================================= Input passed to the "lang" parameter in thumstbl.php, wpfiles.php, and wallpapr.php is not properly verified before being used to include files. This can be exploited to execute...

RahnemaCo - 'page.php' PageID Remote File Inclusion

source: https://www.securityfocus.com/bid/18490/info RahnemaCo is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker ...

GLSA-200606-16 : DokuWiki: PHP code injection

The remote host is affected by the vulnerability described in GLSA-200606-16 DokuWiki: PHP code injection Stefan Esser discovered that the DokuWiki spell checker fails to properly sanitize PHP's 'complex curly syntax'. Impact : A unauthenticated remote attacker may execute arbitrary PHP commands ...

mcGuestbook 1.3 - lire.php?lang Remote File Inclusion

mcGuestbook 1.3 - lire.php?lang Remote File Inclusion source: https://www.securityfocus.com/bid/18476/info mcGuestbook is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include...

mcGuestbook 1.3 - ecrire.php?lang Remote File Inclusion

mcGuestbook 1.3 - ecrire.php?lang Remote File Inclusion source: https://www.securityfocus.com/bid/18476/info mcGuestbook is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include...

mcGuestbook 1.3 - admin.php?lang Remote File Inclusion

mcGuestbook 1.3 - admin.php?lang Remote File Inclusion source: https://www.securityfocus.com/bid/18476/info mcGuestbook is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include...

mcGuestbook 1.3 - 'ecrire.php?lang' Remote File Inclusion

source: https://www.securityfocus.com/bid/18476/info mcGuestbook is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code an...

mcGuestbook 1.3 - 'admin.php?lang' Remote File Inclusion

source: https://www.securityfocus.com/bid/18476/info mcGuestbook is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code an...

Indexu 5.0.1 - Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/18477/info Indexu is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing...

CVE-2006-3019

Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMSINCLUDEPATH parameter to files in parser/include/ including 1 class.parserphpcms.php, 2 class.sessionphpcms.php, 3 class.editphpcms.php, 4...