CVE-2008-3207

PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the 1 sourceFolder or 2 moduleFolder parameter...

fuzzylime (cms) comssrss.php files[] Parameter Traversal Local File Inclusion

The remote host is running fuzzylime cms, a PHP-based content management system. The version of fuzzylime cms installed on the remote host fails to sanitize user-supplied input to the 'files' parameter of the 'commsrss.php' script before using it to include PHP code. Regardless of PHP's...

Community CMS 0.1 - 'include.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/30275/info Community CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow...

Community CMS 0.1 - include.php Remote File Inclusion

Community CMS 0.1 - include.php Remote File Inclusion source: https://www.securityfocus.com/bid/30275/info Community CMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code i...

OpenPro 1.3.1 - search_wA.php Remote File Inclusion

OpenPro 1.3.1 - searchwA.php Remote File Inclusion source: https://www.securityfocus.com/bid/30264/info OpenPro is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the...

OpenPro 1.3.1 - 'search_wA.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/30264/info OpenPro is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute malicious PHP code in the context of the webserver process. This may allow the...

CVE-2008-3184

Multiple cross-site scripting XSS vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO PHPSELF or 2 the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE:...

CVE-2008-3183

PHP remote file inclusion vulnerability in ktmlpro/includes/ktedit/toolbar.php in gapicms 9.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dirDepth parameter...

CVE-2008-3184

Multiple cross-site scripting XSS vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO PHPSELF or 2 the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE:...

yuhhupubs-sql.txt

inurl: browse.groups.php Dork 2 -- inurl:browse.events.php Dork 3 -- browse.music.php Dork 4 -- browse.groups.php / settimelimit0; errorreporting0; echo " Yuhhu Pubs Exploit Coded By RMx USERS EXPLOIT : Örnek :http://www.example.com "; if isset$POST'site' $site=$POST'site';...

Unrestricted file upload

Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier allows remote authenticated users to upload and execute arbitrary PHP code by placing a .php filename in the UploadAvatar parameter and sending the image/gif content type...

CVE-2008-3093

Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier allows remote authenticated users to upload and execute arbitrary PHP code by placing a .php filename in the UploadAvatar parameter and sending the image/gif content type...

CVE-2008-3093

Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier allows remote authenticated users to upload and execute arbitrary PHP code by placing a .php filename in the UploadAvatar parameter and sending the image/gif content type...

Site@School 2.4.10 - FCKeditor Session Hijacking Arbitrary File Upload

Site@School 2.4.10 - FCKeditor Session Hijacking Arbitrary File Upload ?php / ------------------------------------------------------------------------- Site@School = 2.4.10 fckeditor Session Hijacking / File Upload Exploit -------------------------------------------------------------------------...

Site@School 2.4.10 - 'FCKeditor' Session Hijacking / Arbitrary File Upload

?php / ------------------------------------------------------------------------- Site@School = 2.4.10 fckeditor Session Hijacking / File Upload Exploit ------------------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 allow remote attackers to execute arbitrary PHP code via a URL in the includeconnection parameter to 1 edittopfeature.php and 2 edittopicsfeature.php in phpi/...

CVE-2008-2981

PHP remote file inclusion vulnerability in admin/templates/templatethumbnail.php in HomePH Design 2.10 RC2, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the thumbtemplate parameter...

Wordtrans-web exec_wordtrans Function Arbitrary Command Execution

The remote host is running wordtrans-web, a web-based front-end for wordtrans, for translating words. The version of wordtrans-web installed on the remote host fails to sanitize input to the 'advanced' parameter of the 'wordtrans.php' script before using it in an 'passthru' statement to execute P...

CVE-2008-2905

PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the CacheLite package in Mambo 4.6.4 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

CVE-2008-2884

PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information...