853 matches found
Directory traversal
Directory traversal vulnerability in actionadmin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08)...
CVE-2006-2060
Directory traversal vulnerability in actionadmin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08)...
SQL injection
Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 allow remote attackers to execute arbitrary SQL commands via the (1) cat, (2) pic and (3) page parameter in index.php; (4) id parameter in postcard.php; and (5) cat parameter in print.php...
CVE-2006-1766
Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) getlang and (2) reporeid parameter in (a) index.php, (3) menuid parameter in (b) plugin.php and (c) forumthread.php, and (4) msgid parameter in forumthread.php...
Limbo CMS Multiple Vulnerabilities
The remote web server contains a PHP application that is affected by numerous vulnerabilities. Description: The remote host is running Limbo CMS, a content-management system written in PHP. The remote version of this software is vulnerable to several flaws including: - If register_globals is off...
Design/Logic Flaw
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php...
CVE-2006-1371
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php...
CVE-2006-1371
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php...
XHP CMS <= 0.5 (upload) Remote Command Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "XHP CMS = 0.5 remote cmmnds xctn\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: "powered by XHP CMS"\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host...
XHP CMS 0.5 - 'upload' Remote Command Execution
!/usr/bin/php -q -d shortopentag=on 126 $...
CVE-2006-1219
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php...
CVE-2006-1219
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php...
CVE-2006-1219
Vulnerability summary (CVE-2006-1219): A directory traversal / local file inclusion flaw affects Gallery 2.0.3 and earlier, and 2.1 before RC-2a. The issue allows an attacker to cause the application to include arbitrary PHP files via dot-dot sequences in the stepOrder parameter sent to (1) upgr...
EUVD-2006-1223
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php...
CVE-2006-1219
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) postid parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4)...
CVE-2006-1204
Multiple cross-site scripting (XSS) vulnerabilities in txtForum 1.0.4-dev and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prev, (2) next, and (3) rand5 parameters in (a) index.php; the (4) rusername and (5) rloc parameters in (b) newtopic.php; the (6) rnum, (7) rfamilyname, (8)...
Directory traversal
Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter...
CVE-2006-1162
Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter...
CVE-2006-1162
Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter...