Remote file inclusion

PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter to 1 index.php and 2 checkout.php...

CVE-2008-0287

PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter to 1 index.php and 2 checkout.php...

CVE-2008-0287

PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter to 1 index.php and 2 checkout.php...

Members Area System 1.7 - view_func.php Remote File Inclusion

Members Area System 1.7 - viewfunc.php Remote File Inclusion source: https://www.securityfocus.com/bid/27244/info Members Area System is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitra...

Members Area System 1.7 - 'view_func.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/27244/info Members Area System is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it i...

Unrestricted file upload

Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors...

CVE-2008-0222

Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors...

Evilsentinel <= 1.0.9 (multiple vulnerabilities) Disable Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo ' Evilsentinel = 1.0.9 Disable Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love '; if $argc3 echo "Usage: php ".$argv0." Host Path newma...

WordPress FileManager Plugin <= 1.2 - Arbitrary File Upload

Because of this vulnerability in ajaxfilemanager.php, the attackers can upload and execute arbitrary PHP code via unspecified vectors. Solution Update the plugin...

LFI in Tuned Studios Templates

Digital Security Research Group DSecRG Advisory DSECRG08-001 Application: Tuned Studios Templates Versions Affected: All Vendor URL: http:/www.tunedstudios.com Bug: Local File Include Exploit: YES Reported: 09.01.2008 Date of Public Advisory: 09.01.2008 Authors: Alexandr Polyakov, Stas Svistunovi...

Tuned Studios Templates Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ========================================================== Tuned Studios Templates Local File Inclusion Vulnerability ========================================================== Digital Security Research Group DSecRG Advisory DSECRG08-001...

DSECRG08-001.txt

Digital Security Research Group DSecRG Advisory DSECRG08-001 Application: Tuned Studios Templates Versions Affected: All Vendor URL: http:/www.tunedstudios.com Bug: Local File Include Exploit: YES Reported: 09.01.2008 Date of Public Advisory: 09.01.2008 Authors: Alexandr Polyakov, Stas Svistunovi...

Tuned Studios Templates - Local File Inclusion

Digital Security Research Group DSecRG Advisory DSECRG08-001 Application: Tuned Studios Templates Versions Affected: All Vendor URL: http:/www.tunedstudios.com Bug: Local File Include Exploits: YES Reported: 09.01.2008 Date of Public Advisory: 09.01.2008 Authors: Alexandr Polyakov, Stas...

CVE-2008-0143

PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter...

Sql injection

Eval injection vulnerability in loudblog/inc/parseold.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter...

CVE-2008-0139

Eval injection vulnerability in loudblog/inc/parseold.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter...

CVE-2008-0139

CVE-2008-0139 affects Loudblog 0.8.0 and earlier. An Eval injection in loudblog/inc/parse_old.php via the template parameter allows remote attackers to execute arbitrary PHP code. CVSS2 base metrics indicate Network access, no authentication, and partial impact to confidentiality, integrity, and ...

CVE-2008-0138

PHP remote file inclusion vulnerability in xoopsgallery/initbasic.php in the modgallery module for XOOPS, when registerglobals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERYBASEDIR parameter...

CVE-2008-0143

CVE-2008-0143 describes a PHP remote file inclusion vulnerability in samPHPweb’s common/db.php (potentially version 4.2.2 and later) as packaged with SAM Broadcaster. An attacker can supply a URL via the commonpath parameter to cause arbitrary PHP code execution. Public CVSS v2 data in the record...

XoopsGallery init_basic.php GALLERY_BASEDIR Parameter Remote File Inclusion

The remote host is running XoopsGallery, a third-party module for Xoops. The version of XoopsGallery installed on the remote host fails to sanitize user-supplied input to the 'GALLERYBASEDIR' parameter of the 'modules/xoopsgallery/initbasic.php' script before using it to include PHP code. Provide...