V-webmail Multiple PHP Remote File Inclusion Vulnerability

The host is running V-webmail and is prone to Multiple PHP Remote File Inclusion vulnerability. OpenVAS Vulnerability Test $Id: gbv-webmailmultfileincvuln.nasl 4906 2017-01-02 13:06:55Z teissa $ V-webmail Multiple PHP Remote File Inclusion Vulnerability Authors: Sharath S Copyright: Copyright c...

CVE-2009-2218

Multiple PHP remote file inclusion vulnerabilities affect phpCollegeExchange 0.1.5c when register_globals is enabled. The flaws allow an attacker to trigger arbitrary PHP code execution by supplying a URL in the home parameter to several PHP scripts (i_head.php, i_nav.php, user_new_2.php, house/m...

CVE-2009-2182

Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALSgcampsiteDir parameter to 1 adpopup.php, 2 camphtml.php, 3 initcontent.php, 4 logout.php, 5 menu.php, and 6 set-author.php in admin-files/; 7...

Acajoom Component for Joomla! <= 3.2.6 Backdoor Detection

Acajoom, a third-party component for Joomla! for managing mailing lists, newsletters, auto-responders, and other communications, is running on the remote host. This version of Acajoom is equal or prior to 3.2.6. It is, therefore, affected by a backdoor in the self.acajoom.php script. An...

Remote file inclusion

PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fsjavascript parameter...

WordPress FireStats Plugin <= 1.6.1 - Remote File Inclusion

Because of this vulnerability in firestats-wordpress.php, the attackers can execute arbitrary PHP code via a URL in the "fsjavascript" parameter. Solution Update the plugin...

Code injection

Static code injection vulnerability in addreg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted 1 url and 2 location parameter...

CVE-2009-2111

Static code injection vulnerability in addreg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted 1 url and 2 location parameter...

CVE-2009-2111

CVE-2009-2111 affects DB Top Sites 1.0, with a vulnerability in the file add_reg.php that allows static code injection . A remote attacker can inject arbitrary PHP code by supplying crafted parameters for the (1) url and (2) location, enabling code execution on the affected system. This is docume...

CVE-2009-2111

Static code injection vulnerability in addreg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted 1 url and 2 location parameter...

DB Top Sites 1.0 Remote Command Execution Exploit

No description provided by source. ?php / ------------------------------------------------------------ + About DB Top Sites v1.0 Remote Command Execution Exploit Script homepage : http://www.jnmsolutions.co.uk/topsites/ Author : SirGod Thanks to : Nytro Website : www.mortal-team.org...

eliteCMS multiple Vulnerabilities

eliteCMS is prone to a vulnerability that lets attackers upload and execute arbitrary PHP code. The application is also prone to a cross-site scripting issue and to a SQL Injection Vulnerability. These issues occur because the application fails to sufficiently sanitize user-supplied input...

eliteCMS Multiple Vulnerabilities

eliteCMS is prone to a vulnerability that lets attackers upload and execute arbitrary PHP code. The application is also prone to a cross-site scripting issue and to a SQL Injection Vulnerability. These issues occur because the application fails to sufficiently sanitize user-supplied input...

phpMyAdmin - &#039;/scripts/setup.php&#039; PHP Code Injection

!/bin/bash CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11 by pagvac gnucitizen.org, 4th June 2009. special thanks to Greg Ose labs.neohapsis.com for discovering such a cool vuln, and to str0ke milw0rm.com for testing this PoC script and providing feedback! PoC...

phpMyAdmin - scriptssetup.php PHP Code Injection

phpMyAdmin - scriptssetup.php PHP Code Injection !/bin/bash CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11 by pagvac gnucitizen.org, 4th June 2009. special thanks to Greg Ose labs.neohapsis.com for discovering such a cool vuln, and to str0ke milw0rm.com for testin...

CVE-2009-1946

PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter...

CVE-2009-1946

PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter...

CVE-2009-1936

functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrar...

CVE-2009-1936

The CVE-2009-1936 entry concerns cpCommerce 1.2.x (possibly including 1.2.9) and related variants. The root cause is in _functions.php: when called directly, a redirect is issued but not exited, allowing bypass of a protection mechanism that enables remote file inclusion and directory traversal v...

Movie PHP Script 2.0 Code Execution

Movie PHP Script v2.0 Remote PHP Code Execution + Discovered By SirGod + www.mortal-team.org + Remote PHP Code Execution - Vulnerable code in system/services/init.php : --------------------------------------------------------------------------------- Line 84 : @evalstripslashes$REQUEST'anticode';...