Luckybot 3 - 'DIR' Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/21765/info Multiple remote file-include vulnerabilities affect Luckybot because the application fails to properly sanitize user-supplied input before using it in a PHP 'include' function call. An attacker may leverage these issues to execute arbitrary...

Headline Portal Engine 0.x/1.0 - 'HPEInc' Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/19663/info Multiple remote file-include vulnerabilities affect HPE because the application fails to properly sanitize user-supplied input before using it in a PHP 'include' function call. An attacker may leverage these issues to execute arbitrary...

PHProjekt Content Management Module 0.6.1 - Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/19628/info Multiple remote file-include vulnerabilities affect the Content Management module for PHProjekt because the application fails to properly sanitize user-supplied input before using it in a PHP 'include' function call. An attacker may leverage...

Nucleus CMS < 3.23 PLUGINADMIN.php DIR_LIBS Parameter Remote File Inclusion

Binary data 3633.prm...

phpwcms spaw_control.class.php spaw_root Parameter Remote File Inclusion

The remote host is running phpwcms, an open source content management system written in PHP. The version of phpwcms installed on the remote host fails to sanitize user-supplied input to the 'spawroot' parameter before using it in PHP include functions in the...

XOOPS xoopsConfig[language] Parameter Local File Inclusion (XOOPS_WFd205_xpl)

The remote installation of XOOPS fails to sanitize user-supplied input to the 'xoopsConfiglanguage' parameter of several xoopseditor scripts before using it in PHP 'include' functions. An unauthenticated attacker may be able to leverage these issues to read arbitrary local files and even execute...

pmachineExec.txt

This is a multi-part message in MIME format. ------=NextPart000000001C516AC.9C269F50 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit pMachine Pro / pMachine Free Remote Code Execution vendor website: http://www.pmachine.com I. BACKGROUND PMachine is one of the most...

[Full-Disclosure] pMachine Pro / pMachine Free Remote Code Execution

pMachine Pro / pMachine Free Remote Code Execution vendor website: http://www.pmachine.com I. BACKGROUND PMachine is one of the most flexible & creative on-line publishing tools available. With PMachine you can publish any kind of web content - from a basic weblog to an advanced, interactive...

PHP Include Exploit in Mail Manage EX v3.1.8 and maybe others.

Description: PHP Include Exploit in Mail Manage EX v3.1.8 Compromise: a malicious PHP script from an external host may be included and executed. Vulnerable Systems: all system using mmex.php v3.1.8 and maybe lower not tested. Details: The PHP Include exploit exist in de folowing code,...

PHP-Include-Hack-Possibility in phpforum 2 RC-1

================================================ ------------------------------------------------ ------------www.bright-shadows.net------------ ------------------------------------------------ --------------theblacksheep&erik-------------- ------------------------------------------------...

XSS and PHP include bug in W-Agora

I have found some bugs in W-Agora's forum configuration filesystem. In the page editform.php, an admin or root user can open any file, with the "PHP Include bug". A sample of the script: editform.php ?php the script gets the parameter "file", puts ".php" after this, and includes the file in the...

FreeNews &amp; News Evolution &#40;PHP&#41;

Informations : °°°°°°°°°°°°°° Problem : Include files a ------------------- Product : Freenews Version : 2.1 Website : http://www.prologin.fr ---------------------- b ------------------- Product : News Evolution Versions : 1.0, 2.0 Website : http://www.phpevolution.net ---------------------- PHP...

ZeroBoard 4.1 - PHP Include File Arbitrary Command Execution

ZeroBoard 4.1 - PHP Include File Arbitrary Command Execution source: https://www.securityfocus.com/bid/5028/info Zeroboard is a PHP web board package available for the Linux and Unix platforms. Under some circumstances, it may be possible to include arbitrary PHP files. The head.php file does not...

Basilix Webmail 1.0 - File Disclosure

Basilix Webmail 1.0 - File Disclosure source: https://www.securityfocus.com/bid/2995/info Basilix is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support. During operation, Basilix opens a PHP include file using a variable as...

Basilix Webmail 1.0 - File Disclosure

source: https://www.securityfocus.com/bid/2995/info Basilix is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support. During operation, Basilix opens a PHP include file using a variable as the filename that can be supplied...

SRADV00006.txt

================================================= Secure Reality Pty Ltd. Security Advisory 6 SRADV00006 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in phpGroupWare Released 6/11/2000 Vulnerable Versions below...