7211 matches found
PHP-Nuke 7.x - Multiple Remote File Inclusions
PHP-Nuke 7.x - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/18186/info PHP-Nuke is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issue...
PHP-Nuke 7.x - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/18186/info PHP-Nuke is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing...
Fusionphp Fusion News 3.3/3.6 - X-Forworded-For PHP Script Code Injection
source: https://www.securityfocus.com/bid/13661/info FusionPHP Fusion News is prone to a remote PHP code injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. This may facilitate unauthorized access. ? $copyr = " !!! PRIVATE !!! PRIVA...
[SA15312] BoastMachine File Upload Vulnerability
---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: BoastMachine File Upload Vulnerability SECUNIA ADVISOR...
e107 search.php search_info Parameter Traversal Arbitrary File Inclusion
The version of e107 installed on the remote host is affected by a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input to the 'searchinfo' parameter of the 'search.php' script. This vulnerability could allow a remote, unauthenticated attacker to view...
CVE-2003-1178
Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the 1 id, 2 templateset, or 3 action parameter...
ZeroBoard Worm Source Code
No description provided by source. / The worm exploits a vulnerability in ZeroBoard, allowing an attacker to inject arbitrary PHP code. /str0ke / / ZeroBoard -1day INE w0rm / include stdio.h include unistd.h include stdlib.h include sys/socket.h include netdb.h include netinet/in.h include signal...
ZeroBoard - Worm Source Code
ZeroBoard - Worm Source Code / The worm exploits a vulnerability in ZeroBoard, allowing an attacker to inject arbitrary PHP code. /str0ke / / ZeroBoard -1day INE w0rm / include include include include include include include include include ifdef sun include endif / SunOS / define DEBUGING undef...
osTicket <= 1.2.7 Multiple Vulnerabilities
The version of osTicket installed on the remote host suffers from several vulnerabilities : - A Remote File Include Vulnerability The script 'include/main.php' lets an attacker read arbitrary files on the remote host and possibly even run arbitrary PHP code, subject to the privileges of the web...
CVE-2005-1438
The connected documents confirm a Remote File Include vulnerability in osTicket variants, specifically CVE-2005-1438, via the include_dir parameter in main.php. The issue affects osTicket versions up to 1.2.7 (per Tenable NASL “osTicket <= 1.2.7 Multiple Vulnerabilities”) and is included among...
CVE-2005-1438
PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the includedir parameter...
CVE-2005-0327
pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php...
CVE-2005-0565
The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension...
CVE-2005-1222
catforgen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the addirect parameter to reference catforgen.php, then including the code in the mforracine parameter, which is then written to catforgen.php...
CVE-2005-0913
Unknown vulnerability in the regexreplace modifier modifier.regexreplace.php in Smarty before 2.6.8 allows attackers to execute arbitrary PHP code...
Claroline < 1.5.4 / 1.6.0 Multiple Vulnerabilities (RFI, SQLi, XSS, Traversal)
The version of Claroline an open source, collaborative learning environment installed on the remote host suffers from a number of remotely-exploitable vulnerabilities, including: - Multiple Remote File Include Vulnerabilities Four scripts let an attacker read arbitrary files on the remote host an...
CVE-2005-1312
PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allows remote attackers to execute arbitrary PHP code via unknown vectors...
GrayCMS php code injection
Version: 1.1 Severity: High Vendor: http://gcms.graymur.net/ Vulnerable code is in "code/error.php": ----begin---- ... if !isset$page $page = ''; if !isset$pathprefix $pathprefix = '../'; if empty$main require $pathprefix.'code/main.dat'; if isset$e404 or isset$GET'e404' ... if isset$e403 or...
CVE-2005-1312
PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allows remote attackers to execute arbitrary PHP code via unknown vectors...
CVE-2005-1222
catforgen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the addirect parameter to reference catforgen.php, then including the code in the mforracine parameter, which is then written to catforgen.php...