853 matches found
CVE-2004-2256
Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang language variable...
CVE-2002-1841
The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4...
Bitrix Site Manager 4.0.5 - Remote File Inclusion
Author: Don Tukulesto + Date: November 13, 2009 + Homepage: http://www.indonesiancoder.com + Vendor: http://www.bitrixsoft.com/ + Method: Remote File Inclusion + Location: INDONESIA + Notes: I know this is an old bug, but I just write this exploit under perl module...
CVE-2005-1698
CVE-2005-1698 affects PostNuke 0.750 and 0.760RC3, enabling remote attackers to obtain sensitive information through direct requests to a set of files across the Xanthia module, pnblocks directory, NS-Multisites module, and xmlrpc.php. The listed targets include theme.php, Xanthia.php, user.php, ...
CVE-2003-1180
Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the basepath or pollvarslang parameters to the admin files (1) index.php, (2) admintplnew.php, (3) admintplmiscnew.php, (4)...
CVE-2004-1974
paFileDB 3.1 is affected by an information disclosure vulnerability where remote attackers can learn sensitive path information by issuing direct requests to pages (login.php, category.php, search.php, main.php, viewall.php, download.php, email.php, file.php, rate.php, stats.php). The underlying ...
CVE-2005-0272
ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions...
CVE-2005-0606
Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) catid, (2) PHPSESSID, (3) viewdoc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters...
CVE-2005-1003
Directory traversal vulnerability in index.php for ProfitCode PayProCart 3.0 allows remote attackers to include arbitrary PHP files via .. (dot dot) sequences in the modID parameter...
PT-2005-2067 · Phpbb · Phpbb
Name of the Vulnerable Software and Affected Versions: phpBB versions 2.0.x. Description: The issue concerns a file upload script, specifically the mod for phpBB, which fails to properly restrict the types of files that can be uploaded. This allows remote authenticated users to execute arbitrary...
CVE-2005-0869
phpSysInfo 2.3 is affected by CVE-2005-0869. The issue enables remote attackers to obtain sensitive information by requesting specific PHP files (class.OpenBSD.inc.php, class.NetBSD.inc.php, class.FreeBSD.inc.php, class.Darwin.inc.php, XPath.class.php, system_header.php, system_footer.php), which...
PT-2005-1857 · Ciamos +2 · Ciamos +2
Name of the Vulnerable Software and Affected Versions: RUNCMS version 1.1A; CIAMOS version 0.9.2 RC1; e-Xoops version 1.05 Rev3. Description: The issue allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter. This can be used to read sensitive information...
CVE-2005-0780
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error message...
CVE-2005-0790
phpAdsNew 2.0.4 allows remote attackers to obtain sensitive information via a direct request to (1) lib-xmlrpcs.inc.php, (2) maintenance-activation.php, (3) maintenance-cleantables.php, (4) maintenance-autotargeting.php, (5) maintenance-reports.php, (6) phpads.php, (7) remotehtmlview.php, (8) click.php, (9)...
Ciamos 0.9.2 - Highlight.php File Disclosure
Source: https://www.securityfocus.com/bid/12854/info Ciamos is reported prone to a file disclosure vulnerability. The full scope of this vulnerability is not currently known, however, it is demonstrated that this issue may be leveraged to disclose the...
CVE-2005-0724
CVE-2005-0724 affects paFileDB versions 3.1 and earlier. Affected component: PHP application paFileDB; root cause is that an invalid str parameter to pafiledb.php or direct requests to viewall.php, stats.php, search.php, rate.php, main.php, license.php, category.php, download.php, file.php, email...
CVE-2004-1571
AJ-Fork 167 allows remote attackers to gain sensitive information via a direct request to (1) auto-acronyms.php, (2) auto-archive.php, (3) ount-article-views.php, (4) kses.php, (5) custom-quick-tags.php, (6) disable-all-comments.php, (7) easy-date-format.php, (8) enable-disable-comments.php, (9)...
CVE-2004-1581
CVE-2004-1581 affects BlackBoard 1.5.1. A remote attacker can request (1) checkdb.inc.php, (2) admin.inc.php, or (3) cp.inc.php and trigger a PHP error that reveals the install path, enabling information disclosure. No fixes or mitigations are described in the provided documents. Impacts are limi...
CVE-2004-1506
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) viewentry.php, (2) viewd.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img src tags...