Remote file inclusion

PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xmldir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the libdir...

CVE-2008-6807

PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xmldir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the libdir...

Bitweaver <= 2.6 saveFeed() Remote Code Execution Exploit

Exploit for unknown platform in category web applications ========================================================= Bitweaver saveFeed $rssversionname, $cacheFile ; ... it calls saveFeed function in an insecure way, arguments are built on $REQUESTversion var and may contain directory traversal...

CVE-2009-1512

Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php...

Golabi CMS 1.0.1 - Session Poisoning

-------------------------------------------------------------------------------- \ \ / \ | | / \ /\ \ \ \ /| | \ /|| / / | /| /\ / \ / / / // / /// / -------------------------------------------------------------------------------- wWw.CrazyAngel.iR - info-AT-CrazyAngel.iR...

CVE-2008-6768

Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/...

Unrestricted file upload

Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/...

CVE-2008-6773

The CVE-2008-6773 entry concerns YourPlace 1.0.2 and earlier, where a static code injection flaw in user/internettoolbar/edit.php allows remote authenticated users to execute arbitrary PHP via 10 fav parameters, resulting in partial impact to confidentiality, integrity, and availability. The root...

CVE-2008-6761

Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter aka the Database Name field. NOTE: the installation instructions specify deleting admin/install.php...

CVE-2009-1463

Static code injection vulnerability in razorCMS before 0.4 allows remote attackers to inject arbitrary PHP code into any page by saving content as a .php file...

Code injection

Static code injection vulnerability in razorCMS before 0.4 allows remote attackers to inject arbitrary PHP code into any page by saving content as a .php file...

Code injection

Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter aka the Database Name field. NOTE: the installation instructions specify deleting admin/install.php...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code...

CVE-2009-1459

Cross-site request forgery CSRF vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code...

CVE-2008-6761

CVE-2008-6761 affects Flexcustomer 0.0.6 and is a static code injection vulnerability in admin/install.php that enables remote attackers to inject arbitrary PHP into const.inc.php via the installdbname parameter (Database Name field). The issue stems from admin/install.php and installation notes ...

CVE-2008-6761

Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter aka the Database Name field. NOTE: the installation instructions specify deleting admin/install.php...

Remote file inclusion

PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the pagecontent parameter...

CVE-2009-1450

PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the pagecontent parameter...

LightBlog 9.9.2 Code Execution

"; 74. 75. $fd = fopen $newaccountfile, "w"; 76. chmod$newaccountfile, 0777; 77. fwrite $fd, $details; 78. fclose$fd; An attacker could be able to inject and execute arbitrary PHP code due to new accounts are saved with "php...

Remote file inclusion

PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter...