7206 matches found
CVE-2009-4750
PHP remote file inclusion vulnerability in home.php in Top Paidmailer allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and...
CVE-2010-0988
CVE-2010-0988 affects Pulse CMS prior to 1.2.3. The issue comprises two related vulnerabilities: (1) an improper handling of login failures in includes/login.php that enables remote attackers to write arbitrary files and execute PHP code in the web root, and (2) an issue in viewing content where ...
Secunia Research: Pulse CMS login.php Arbitrary File Writing Vulnerability
Secunia Research 24/03/2010 - Pulse CMS login.php Arbitrary File Writing Vulnerability - Table of Contents Affected...
CVE-2010-1055
Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[forum_installed] parameter to (1) forum/adminLogin.php and (2) forum/userLogin.php...
eFront 'langname' Parameter Traversal Local File Inclusion
The version of eFront running on the remote web server is affected by a local file inclusion vulnerability due to improper sanitization of user-supplied input to the 'langname' parameter of the language.php script before using it to include PHP code. Regardless of PHP's 'register_globals' setting,...
SA-CONTRIB-2010-027: Email Input Filter - Arbitrary code execution
Email Input Filter converts email style markup into web friendly format. Arbitrary code execution vulnerability in this module allows a remote attacker with the ability to create content using an input format with the email input filter enabled to execute arbitrary PHP code on an affected system...
DEDECMS v5.5 Final select_soft_post.php vulnerability
Author: st0p. Today on the Wolves Security Team site I saw that the expert toby57 had released the article "A vulnerability in DEDECMS v5.5 GBK Final"; the original address is http://bbs.wolvez.org/topic/125/. I tested it locally, and the minor threat of overwriting the SESSION is real, because the reque...
ispCP Omega 'net2ftp_globals[application_skinsdir]' Parameter Remote File Include Vulnerability
ispCP Omega is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a...
InTerra Blog Machine <= 1.70 Shell Upload Vulnerability
Exploit for unknown platform in category web applications. InTerra Blog Machine...
CVE-2010-0755
PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter...
ProMan 0.1.1 - Multiple File Inclusions
ProMan. Download: http://sourceforge.net/projects/pman/files/ RFI Code LFI Code: include_once('lang/'.$_SESSION['userLang'].'/elisttasks.php'); if (!defined('PROMAN')) pexit($l['no hack']); PoC RFI: phpRAINCHECKpath/center.php?page=Shell PoC LFI: phpRAINCHECKpath/elisttasks.php?SESSIONuserLang=LFI%00...
trixbox Cisco Phone Services PhoneDirectory.php ID Parameter SQL Injection
The version of the Cisco Phone Services phone directory script 'cisco/services/PhoneDirectory.php' installed as part of the web interface for trixbox (or Asterisk@Home, as it was formerly known) and hosted on the remote web server fails to sanitize input to the 'ID' parameter before using it in a...
CVE-2010-0678
PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includes_directory parameter...
Scriptegrator Plugin for Joomla! 'files[]' Parameter Remote File Include
The version of the Core Design Scriptegrator plugin for Joomla! running on the remote host is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'files' parameter before using it in the cdscriptegrator/libraries/highslide/js/jsloader.php...
Open Flash Chart/Pwiki Remote Code Execution Vulnerability
Exploit for unknown platform in category web applications. Open Flash Chart/Pwiki Remote Code Execution Vulnerability. Author: GoLdeN-z3r0 Title: Open Flash Chart/Pwiki Remote Code...
openSUSE Security Update : horde (horde-1947)
This update of horde fixes: - CVE-2009-3236: CVSS v2 Base Score: 5.0: Overwrite arbitrary files and execute PHP code - CVE-2009-3237: CVSS v2 Base Score: 5.0: Cross-Site Scripting (XSS) - CVE-2009-3701: CVSS v2 Base Score: 4.3: Cross-Site Scripting (XSS) - CVE-2009-4363: CVSS v2 Base Score: 4.3:...