CVE-2010-4924

PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed by a reliable third party...

CVE-2010-4914

PHP remote file inclusion vulnerability in tools/phpmailer/class.phpmailer.php in PHP Classifieds 7.3 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter...

CVE-2010-4918

PHP remote file inclusion vulnerability in iJoomla Magazine commagazine component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php...

Remote file inclusion

PHP remote file inclusion vulnerability in tools/phpmailer/class.phpmailer.php in PHP Classifieds 7.3 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter...

CVE-2010-4918

CVE-2010-4918 affects the Joomla! extension iJoomla Magazine (com_magazine) version 3.0.1, where a PHP Remote File Inclusion (RFI) vulnerability in magazine.functions.php allows an attacker to execute arbitrary PHP code via the config parameter in a URL. The underlying issue is an unchecked confi...

CVE-2010-4918

PHP remote file inclusion vulnerability in iJoomla Magazine commagazine component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php...

CVE-2010-4878

PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the scriptpfad parameter...

PHP Support Tickets 'page' Parameter Remote PHP Code Execution Vulnerability - Active Check

PHP Support Tickets is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by th...

CVE-2009-5095

PHP remote file inclusion vulnerability in indexinc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the incordner parameter...

JagoanStore CMS Arbitary file upload vulnerability

Software: JagoanStore CMS Vendor: www.jagoanstore.com Price: Rp.900.000 IDR Vuln Type: Arbitary file upload Author: eidelweiss contact: eidelweissatwindowslivedotcom Home: www.eidelweiss-advisories.blogspot.com Gratz: Devilzc0de, YOGYACARDERLINK, and YOU !!! References:...

Jcow Social Networking Script 4.2 <= 5.2 Arbitrary Code Execution

Exploit for php platform in category web applications Exploit Title: Jcow CMS 4.x:4.2 Software Link: http://sourceforge.net/projects/jcow/files/jcow4/jcow.4.2.1.zip/download Version: 4.x:4.2 5.6.7.8:34441 at Sat Jun 04 00:00:44 +0000 2011 require 'msf/core' class Metasploit3 'JCow CMS Remote...

PT-2011-02: PHP code Injection in Kayako Support Suite

Positive Research Center has discovered PHP code injection vulnerability in Kayako Support Suite. Application insufficiently verifies incoming data received via template editing form. An attacker with administration privileges can inject arbitrary PHP code via template editing feature with an...

JagoanStore CMS Arbitary file upload vulnerability

Exploit for php platform in category web applications =================================================================== JagoanStore CMS Arbitary file upload vulnerability =================================================================== Software: JagoanStore CMS Vendor: www.jagoanstore.com...

JagoanStore CMS Shell Upload

=================================================================== JagoanStore CMS Arbitary file upload vulnerability =================================================================== Software: JagoanStore CMS Vendor: www.jagoanstore.com Price: Rp.900.000 IDR Vuln Type: Arbitary file upload...

DVBBS 2.0 index_0_0.php 任意php代码执行漏洞

No description provided by source...

WordPress TimThumb 1.32 Code Execution

Exploit Title: WordPress TimThumb Plugin - Remote Code Execution Google Dork: inurl:timthumb ext:php -site:googlecode.com -site:google.com Date: 3rd August 2011 Author: MaXe Software Link: http://timthumb.googlecode.com/svn-history/r141/trunk/timthumb.php Version: 1.32 Screenshot: See attachment...

VulnCheck KEV: CVE-2009-1151

Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

Chyrp 2.x swfupload Extension - upload_handler.php Arbitrary File Upload Arbitrary PHP Code Execution

Chyrp 2.x swfupload Extension - uploadhandler.php Arbitrary File Upload Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/48672/info Chyrp is prone to multiple cross-site scripting vulnerabilities, a local file-include vulnerability, an arbitrary file-upload vulnerability, an...

Chyrp 2.x swfupload Extension - &#039;upload_handler.php&#039; Arbitrary File Upload / Arbitrary PHP Code Execution

source: https://www.securityfocus.com/bid/48672/info Chyrp is prone to multiple cross-site scripting vulnerabilities, a local file-include vulnerability, an arbitrary file-upload vulnerability, and a directory-traversal vulnerability. An attacker may leverage these issues to execute arbitrary...

Code injection

uploadhandler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a writepost action to the...