X7 Chat 2.0 - help_file Remote Command Execution

X7 Chat 2.0 - helpfile Remote Command Execution !/usr/bin/php -q -d shortopentag=on works regardless of magicquotesgpc settings\r\n"; echo " if avatar uploads are enabled default\r\n"; echo "dork: intitle:"X7 Chat Help Center" | "Powered By X7 Chat"\r\n\r\n"; if $argc4 echo "Usage: php...

Code injection

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...

CVE-2006-2129

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...

CVE-2006-2129

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...

DMCounter 0.9.2 -b - Kopf.php Remote File Inclusion

DMCounter 0.9.2 -b - Kopf.php Remote File Inclusion source: https://www.securityfocus.com/bid/17756/info DMCounter is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...

DMCounter 0.9.2 -b - 'Kopf.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17756/info DMCounter is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...

Remote file inclusion

PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via 1 README.html or 2 HEADER.html...

CVE-2006-2098

PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via 1 README.html or 2 HEADER.html...

CoolMenus 4.0 - index.php Remote File Inclusion

CoolMenus 4.0 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/17738/info CoolMenus is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include...

I-RATER Platinum - Config_settings.TPL.php Remote File Inclusion

I-RATER Platinum - Configsettings.TPL.php Remote File Inclusion source: https://www.securityfocus.com/bid/17731/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploi...

Artmedic Event - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17736/info Artmedic Event is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...

CoolMenus 4.0 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17738/info CoolMenus is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...

I-RATER Platinum - 'Config_settings.TPL.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17731/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...

Code injection

actionpublic/search.php in Invision Power Board IPB 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "e" execute modifier...

CVE-2006-2059

actionpublic/search.php in Invision Power Board IPB 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "e" execute modifier...

Sql injection

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by som...

CVE-2006-2005

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by som...

CVE-2006-2002

PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirbase parameter...

CVE-2006-2005

CVE-2006-2005 affects ClanSys 1.1 (index.php). The vulnerability is an eval injection in the page parameter that allows remote attackers to execute arbitrary PHP code, demonstrated by injecting an include statement into the eval. Some sources describe it as a file inclusion, but the primary issue...

[SA19749] built2go Movie Review "full_path" File Inclusion Vulnerability

TITLE: built2go Movie Review "fullpath" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA19749 VERIFY ADVISORY: http://secunia.com/advisories/19749/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: built2go Movie Review 1.x http://secunia.com/product/9515/...