RunCMS xoopsOption Parameter Local File Inclusion
The version of RunCMS installed on the remote host fails to sanitize user input to the 'xoopsOptionpagetype' parameter before using it to include PHP code in 'include/common.php'. Regardless of PHP's 'register_globals' setting, an unauthenticated, remote attacker may be able to exploit this issue ...
CVE-2007-6105
Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) languagefile parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) configcommentsformtpl paramete...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) languagefile parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) configcommentsformtpl paramete...
Code injection
Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php...
CVE-2007-6082
Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php...
Underground CMS 1.x - Search.Cache.Inc.php Backdoor Access
Underground CMS 1.x - Search.Cache.Inc.php Backdoor Access Ucms v. 1.8 Np exploit function sethostseite document.host.action = seite + 'index.php?&q=test&e=1'; document.all.data.innerHTML = document.host.action; Ucms v. 1.8 Np exploit Actual Request: Host: Password: Phpcode: phpinfo; ? !-- It's...
CVE-2007-6057
PHP remote file inclusion vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Confixx Professional 3.2.1 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2007-5995
PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter...
X-pad guestbook: there is a great security vulnerability (warning) - the black bar safety net
This program can search http://www.baidu.com/baidu?wd=x-pad&cl=3x-pad the keywords. On this guestbook, I found a modified version of the drawing: "Based on the text of the php guestbook, easy to install, powerful, good safety, the appearance of custom is strong, is a very useful guest book,...
Code injection
Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can be exploited by...
Remote file inclusion
PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in includes/common.php in scWiki 1.0 Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter...
CVE-2007-5822
Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php...
Code injection
Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php...
scribe-exec.txt
Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Scribe...
WordPress BackUpWordPress Plugin <= 0.4.2 - Remote File Inclusion
Because of this vulnerability, attackers can execute arbitrary PHP code via a URL in the "bkpwppluginpath" parameter. Solution: Update the plugin...
Remote file inclusion
PHP remote file inclusion vulnerability in inc/sigeinit.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYSPATH parameter...
CVE-2007-5780
PHP remote file inclusion vulnerability in pub/pub08comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter...