Datafeed Studio - patch.php Remote File Inclusion

Datafeed Studio - patch.php Remote File Inclusion source: https://www.securityfocus.com/bid/30659/info Datafeed Studio is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file...

Datafeed Studio - 'patch.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/30659/info Datafeed Studio is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in th...

CVE-2008-3575

PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSgsLanguage parameter, a different vector than CVE-2006-4477 and CVE-2004-0132...

e107 <= 0.7.11 Arbitrary Variable Overwriting Vulnerability

Exploit for unknown platform in category web applications =========================================================== e107 = 0.7.11 Arbitrary Variable Overwriting Vulnerability =========================================================== GulfTech Security Research August 07, 2008 Vendor : Steve...

e107 download.php extract() Function Variable Overwrite

The version of e107 installed on the remote host contains an unsafe call to 'extract' in the 'download.php' script. An unauthenticated, remote attacker can leverage this issue to overwrite arbitrary PHP variables, leading to arbitrary PHP code execution, SQL injection, as well as other sorts of...

e107 &lt; 0.7.11 - Arbitrary Variable Overwriting

GulfTech Security Research August 07, 2008 Vendor : Steve Dunstan URL : http://www.e107.org/ Version : e107 = 0.7.11 Risk : Arbitrary Variable Overwriting Description: e107 is a popular full featured content management system written in php. Unfortunately e107 suffers from an arbitrary variable...

Pligg settemplate.php template Parameter Local File Inclusion

The remote host is running Pligg, an open source content management system. The installed version of Pligg fails to sanitize the 'template' cookie before using it in 'config.php' to include PHP code. An unauthenticated, remote attacker can exploit this issue to view arbitrary files or even execut...

H0tturk Panel - &#039;gizli.php&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/30468/info H0tturk Panel is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the...

H0tturk Panel - gizli.php Remote File Inclusion

H0tturk Panel - gizli.php Remote File Inclusion source: https://www.securityfocus.com/bid/30468/info H0tturk Panel is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file...

Remote file inclusion

PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter...

Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection

Pligg CMS 9.9.0 - Cross-Site Scripting Local File Inclusion SQL Injection GulfTech Security Research July 30, 2008 Vendor : Pligg LLC URL : http://www.pligg.com/ Version : Pligg alertdocument.cookie; The above example link would display the end users cookie to them. Of course this can also be use...

Pligg CMS 9.9.0 - Remote Code Execution

Pligg CMS 9.9.0 - Remote Code Execution !/usr/bin/perl -w use LWP::UserAgent; use MIME::Base64; use Digest::MD5 qwmd5hex; use Getopt::Std; getopts'h:', %args; print "\n"; print " Pligg new; $http-agent'Mozilla/5.0 Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1 Gecko/2008070208 Firefox/3.0.1';...

Remote file inclusion

PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter...

CVE-2008-3298

SocialEngine SE before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code...

Code injection

SocialEngine SE before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code...

CVE-2008-3298

SocialEngine SE before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code...

EZContents - minicalendar.php Remote File Inclusion

EZContents - minicalendar.php Remote File Inclusion source: https://www.securityfocus.com/bid/30373/info ezContents CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in...

EZContents - &#039;minicalendar.php&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/30373/info ezContents CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allo...

Flip 3.0 - &#039;config.php&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/30312/info Flip is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow the...

Flip 3.0 - config.php Remote File Inclusion

Flip 3.0 - config.php Remote File Inclusion source: https://www.securityfocus.com/bid/30312/info Flip is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of th...