7212 matches found
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party ALP, allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including 1 ase.php, 2 devi.php, 3 doom3.php,...
horde_help_module.pm.txt
Title: Horde package Msf::Exploit::hordehelpmodule; use base "Msf::Exploit"; use strict; use Pex::Text; use bytes; my $advanced = ; my $info = 'Name' = 'Horde help viewer module remote PHP code execution', 'Version' = '$Revision: 1.0 $', 'Authors' = 'inkubus ' , 'Arch' = , 'OS' = , 'Priv' = 0,...
Indexu 5.0 - Multiple Remote File Inclusions
Indexu 5.0 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/17470/info The 'indexu' application is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can explo...
AzDGVote - Remote File Inclusion
AzDGVote - Remote File Inclusion source: https://www.securityfocus.com/bid/17447/info AzDGVote is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary...
Indexu 5.0 - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/17470/info The 'indexu' application is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remot...
Horde <= 3.0.9 3.1.0 (Help Viewer) Remote Code Execution (metasploit)
No description provided by source. Title: Horde = 3.0.9, 3.1.0 Help Viewer Remote PHP Code Execution Vulnerability Name: hordehelpmodule.pm License: Artistic/BSD/GPL Info: Trying to get the command execution exploits out of the way on milw0rm.com. M's are always good. - This is an exploit module...
SPIP 1.8.3 - Spip_login.php Remote File Inclusion
SPIP 1.8.3 - Spiplogin.php Remote File Inclusion source: https://www.securityfocus.com/bid/17423/info SPIP is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an...
SPIP 1.8.3 - 'Spip_login.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/17423/info SPIP is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP co...
Horde 3.0.9/3.1.0 - Help Viewer Remote Code Execution (Metasploit)
Title: Horde package Msf::Exploit::hordehelpmodule; use base "Msf::Exploit"; use strict; use Pex::Text; use bytes; my $advanced = ; my $info = 'Name' = 'Horde help viewer module remote PHP code execution', 'Version' = '$Revision: 1.0 $', 'Authors' = 'inkubus ' , 'Arch' = , 'OS' = , 'Priv' = 0,...
Code injection
Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included other N.T. scripts...
CVE-2006-1668
newimage.php in Eric Gerdes Crafty Syntax Image Gallery CSIG aka PHP thumbnail Photo Gallery 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php...
CVE-2006-1658
Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included other N.T. scripts...
CVE-2006-1668
newimage.php in Eric Gerdes Crafty Syntax Image Gallery CSIG aka PHP thumbnail Photo Gallery 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php...
CVE-2006-1653
PHP remote file inclusion vulnerability in loadkernel.php in AngelineCMS 0.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the installPath parameter...
Information disclosure
Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development FXB application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and has very little information about the specif...
CVE-2006-1623
Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development FXB application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and has very little information about the specif...
CVE-2006-1623
Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development FXB application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and has very little information about the specif...
CVE-2006-1623
Technical details for CVE-2006-1623 are not publicly available in the provided documents. The descriptions remain vague about vulnerability type, affected product, and impact. Monitor for updates from NVD/CVE records and connected sources.
AngelineCMS loadkernel.php installPath Parameter Remote File Inclusion
The remote host is running AngelineCMS, an open source content management system written in PHP. The version of AngelineCMS installed on the remote host fails to sanitize user-supplied input to the 'installPath' parameter of the '/kernel/loadkernel.php' script before using it in a PHP 'includeonc...
Remote file inclusion
PHP remote file inclusion vulnerability in lib/armygame.php in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party ALP, allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. NOTE: this only occurs when registerglobals is disabled...