7204 matches found

Cvelist
added 2009/03/09 2:0 p.m., 17 views

CVE-2008-6446

Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter...

AI score: 7.2, EPSS: 0.0407
Exploits: 1, References: 3

Cvelist
added 2009/03/09 2:0 p.m., 15 views

CVE-2008-6445

Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors, possibly related to improper authentication and the ability to upload arbitrary PHP code. NOTE: some of these details are obtained from third party information...

AI score: 7.1, EPSS: 0.00356
Exploits: 0, References: 5

CVE
added 2009/03/09 2:0 p.m., 40 views

CVE-2008-6445

Technical details about CVE-2008-6445 are not publicly available in the provided documents. The entries repeat generic vulnerability notes with no concrete affected versions, exploit vectors, or remediation steps.

CVSS: 7.5, AI score: 7.3, EPSS: 0.00356
Exploits: 0, References: 5, Affected Software: 1

Exploit DB
added 2009/03/09 12:0 a.m., 33 views

cms s.builder 3.7 - Remote File Inclusion

CMS S.Builder = 3.7 RFI Vulnerability Information: Vendor: http://www.sbuilder.ru Affected versions: 3.7 and possibly later versions Description: The engine of this cms makes site files index.php, etc with code like: --- PHP Code: if (!isset($GLOBALS['binnincludepath'])) $GLOBALS['binnincludepath'] = '';...

AI score: 7
Exploits: 0

Packet Storm
added 2009/03/09 12:0 a.m., 19 views

CMS S.Builder 3.7 Remote File Inclusion

CMS S.Builder = 3.7 RFI Vulnerability Information: Vendor: http://www.sbuilder.ru Affected versions: 3.7 and possibly later versions Description: The engine of this cms makes site files index.php, etc with code like: --- PHP Code: if (!isset($GLOBALS['binnincludepath'])) $GLOBALS['binnincludepath'] = '';...

Exploits: 0

Prion
added 2009/03/06 11:30 a.m., 6 views

Remote file inclusion

PHP remote file inclusion vulnerability in themes/default/include/html/insert.inc.php in OpenRat 0.8-beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpldir parameter...

CVSS: 7.5, AI score: 8.1, EPSS: 0.03209
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2009/03/06 11:0 a.m., 19 views

CVE-2008-6402

PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the moddir parameter...

AI score: 7.6, EPSS: 0.03209
Exploits: 1, References: 3

OpenVAS
added 2009/03/02 12:0 a.m., 26 views

Mandrake Security Advisory MDVSA-2009:052 (php-smarty)

The remote host is missing an update to php-smarty announced via advisory MDVSA-2009:052. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR...

CVSS: 7.5, AI score: 6.4, EPSS: 0.01407
Exploits: 0, References: 1

Cvelist
added 2009/02/26 11:0 p.m., 11 views

CVE-2008-6305

PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the APIHOMEDIR parameter...

AI score: 7.5, EPSS: 0.0373
Exploits: 1, References: 4

Cvelist
added 2009/02/24 6:0 p.m., 13 views

CVE-2008-6251

PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter...

AI score: 7.5, EPSS: 0.04601
Exploits: 1, References: 5

0day.today
added 2009/02/23 12:0 a.m., 12 views

Pyrophobia 2.1.3.1 LFI Command Execution Exploit

Exploit for unknown platform in category web applications. Pyrophobia 2.1.3.1 LFI Command Execution Exploit. #!/usr/bin/perl...

AI score: 7.1
Exploits: 0

NVD
added 2009/02/22 10:30 p.m., 11 views

CVE-2009-0673

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...

CVSS: 6.5, AI score: 7.4, EPSS: 0.06393
Exploits: 1, References: 6

Cvelist
added 2009/02/22 10:0 p.m., 11 views

CVE-2009-0673

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...

AI score: 7.4, EPSS: 0.06393
Exploits: 1, References: 6

Cvelist
added 2009/02/20 11:0 p.m., 17 views

CVE-2008-6223

PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior WOTW 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php...

AI score: 7.5, EPSS: 0.03307
Exploits: 0, References: 4

Prion
added 2009/02/20 6:47 a.m., 10 views

Code injection

Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of these details are obtained from third party...

CVSS: 5.1, AI score: 8, EPSS: 0.048
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2009/02/20 1:30 a.m., 10 views

CVE-2008-6206

Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENTROOT parameter to (1) graph.php and (2) robotstats.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...

CVSS: 7.5, AI score: 7.4, EPSS: 0.01195
Exploits: 1, References: 3

seebug.org
added 2009/02/20 12:0 a.m., 18 views

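RavenNuke avatarlist.php Module PHP Code Injection Vulnerability

BUGTRAQ ID: 33787 RavenNuke is an automated news publishing and content management system based on PHP and MySQL. The avatarlist.php module in RavenNuke does not properly validate the patterns and replacements parameters passed to the preg_replace call, so a remote attacker can inject and execute arbitrary PHP code by submitting a malicious request to the server. The vulnerable code segment follows: $patterns0 = '/.gif/'; $patterns1 = '/.png/'; ... $replacements1 = ''; $replacements0 = ''; ... $entryname =...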

AI score: 6.9
Exploits: 0

Exploit DB
added 2009/02/20 12:0 a.m., 23 views

lastRSS autoposting bot MOD 0.1.3 - 'phpbb_root_path' Remote File Inclusion

source: https://www.securityfocus.com/bid/33843/info lastRSS autoposting bot MOD is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP co...

AI score: 7.4
Exploits: 0

securityvulns
added 2009/02/20 12:0 a.m., 68 views

PHCDownload 1.1.0 Vulnerabilities

A file content management and manipulation system unlike any other available on the market today, with unique innovations, tools, and design, customising and producing your database is made easy. PHCDownload has been designed for integration into existing websites with its highly customisable...

AI score: 7.6
Exploits: 0

exploitpack
added 2009/02/20 12:0 a.m., 27 views

lastRSS autoposting bot MOD 0.1.3 - phpbb_root_path Remote File Inclusion

lastRSS autoposting bot MOD 0.1.3 - phpbb_root_path Remote File Inclusion. source: https://www.securityfocus.com/bid/33843/info lastRSS autoposting bot MOD is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit...

AI score: 0.1
Exploits: 0