Directory traversal

Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log fil...

CVE-2006-6869

Directory traversal vulnerability in includes/search/searchmdforum.php in MAXdev MDForum 2.0.1 and earlier, when magicquotesgpc is disabled and registerglobals is enabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the PNSVlang cookie to error.php, as...

CVE-2006-6445

Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the PNSVlang PNSV lang parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then...

CVE-2006-3611

Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALStemplate parameter, as demonstrated by injecting PHP sequences into a log file, which is then included by pm.php...

CVE-2006-3554

CVE-2006-3554 affects MKPortal 1.0.1 Final and is a directory traversal vulnerability in index.php. The underlying flaw allows remote attackers to include and execute arbitrary local files by manipulating directory traversal sequences in the language cookie, demonstrated by injecting PHP sequence...

Directory traversal

Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache errorlog file, which...

CVE-2006-1777

Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache errorlog file, which...

CVE-2006-1346

Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a langfile parameter, as demonstrated by injecting PHP sequences into an Apache accesslog file...