
7202 matches found

Cvelist
added 2007/08/09 9:0 p.m. | 17 views

CVE-2007-4279

PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the pathtoroot parameter...

7.3 AI score | 0.85498 EPSS
Exploits: 1 | References: 7

Exploit DB
added 2007/08/09 12:0 a.m. | 20 views

Mapos-Scripts.de Gastebuch 1.5 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/25252/info Mapos-Scripts.de Gastebuch is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP...

7.4 AI score
Exploits: 0

exploitpack
added 2007/08/09 12:0 a.m. | 11 views

Mapos-Scripts.de Gastebuch 1.5 - index.php Remote File Inclusion

Mapos-Scripts.de Gastebuch 1.5 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/25252/info Mapos-Scripts.de Gastebuch is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this iss...

0.1 AI score
Exploits: 0

NVD
added 2007/08/08 11:17 p.m. | 10 views

CVE-2007-4262

Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/...

8.5 CVSS | 7.2 AI score | 0.0198 EPSS
Exploits: 0 | References: 7

CVE
added 2007/08/08 11:0 p.m. | 36 views

CVE-2007-4262

EZPhotoSales 1.9.3 and earlier has an unrestricted file upload vulnerability that lets remote authenticated administrators upload and execute arbitrary PHP code under the OnlineViewing/galleries/ path. The root cause is unrestricted file upload enabling code execution, allowing an admin with vali...

8.5 CVSS | 7.2 AI score | 0.0198 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2007/08/08 11:0 p.m. | 14 views

CVE-2007-4262

Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/...

7.2 AI score | 0.0198 EPSS
Exploits: 0 | References: 7

Prion
added 2007/08/08 1:17 a.m. | 15 views

Sql injection

Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2)...

7.5 CVSS | 8.2 AI score | 0.10112 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2007/08/08 1:17 a.m. | 7 views

CVE-2007-4182

Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1.1 and earlier allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .gif.php, which is accessible from data/documents/...

7.5 CVSS | 7.5 AI score | 0.00841 EPSS
Exploits: 0 | References: 4

Prion
added 2007/08/08 1:17 a.m. | 13 views

Remote file inclusion

PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a...

6.8 CVSS | 7.8 AI score | 0.01217 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Prion
added 2007/08/08 1:17 a.m. | 13 views

Unrestricted file upload

Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1.1 and earlier allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .gif.php, which is accessible from data/documents/...

7.5 CVSS | 8.1 AI score | 0.00841 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2007/08/08 1:11 a.m. | 53 views

CVE-2007-4187

CVE-2007-4187 affects Joomla! 1.5 beta before RC1 (Mapya). The vulnerability stems from multiple eval-injection flaws in the com_search component, specifically related to the searchword parameter being passed to eval() via default_results.php (1) components/com_search/views/search/tmpl/ and (2) t...

7.5 CVSS | 7.9 AI score | 0.10112 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Prion
added 2007/08/07 10:17 a.m. | 13 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) include parameter to (a) Main.php and (b) get.php and the (2) exec parameter to (c) count.php...

10 CVSS | 8.2 AI score | 0.00898 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2007/08/07 10:17 a.m. | 11 views

CVE-2007-4170

Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) include parameter to (a) Main.php and (b) get.php and the (2) exec parameter to (c) count.php...

10 CVSS | 7.7 AI score | 0.00898 EPSS
Exploits: 0 | References: 3

NVD
added 2007/08/07 10:17 a.m. | 8 views

CVE-2007-4167

PHP remote file inclusion vulnerability in catviewed.php in AL-Caricatier 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the CatName parameter...

7.5 CVSS | 7.5 AI score | 0.00713 EPSS
Exploits: 0 | References: 4

xssed
added 2007/08/03 12:0 a.m. | 11 views

Unfixed XSS vulnerability at www.madridteacher.com

Security researcher zuppergazi has submitted on 08/03/2007 a cross-site scripting (XSS) vulnerability affecting www.madridteacher.com, which at the time of submission ranked 234111 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/03/2007. It i...

6.6 AI score
Exploits: 0 | References: 1

Prion
added 2007/08/01 4:17 p.m. | 11 views

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in phpWebFileManager 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the PNPathPrefix parameter. NOTE: this issue is disputed by a reliable third party, who demonstrates that PNPathPrefix is defined before use...

6.8 CVSS | 7.7 AI score | 0.01386 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2007/08/01 4:17 p.m. | 9 views

CVE-2007-4120

Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functionscron.php, and the (3) specialtemplates parameter to...

9.3 CVSS | 7.6 AI score | 0.01085 EPSS
Exploits: 1 | References: 4

Prion
added 2007/07/30 8:17 p.m. | 16 views

Remote file inclusion

PHP remote file inclusion vulnerability in library/authorize.php in IDevSpot PhpHostBot allows remote attackers to execute arbitrary PHP code via a URL in the loginform parameter, a different vector than CVE-2006-3776...

7.5 CVSS | 7.7 AI score | 0.06072 EPSS
Exploits: 2 | References: 3

NVD
added 2007/07/30 5:30 p.m. | 13 views

CVE-2007-4057

Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio 121 and earlier allows remote authenticated users to upload arbitrary PHP code via a filename ending with (1) .php.gif, (2) .php.jpg, or (3) .php.png...

6.5 CVSS | 6.7 AI score | 0.05378 EPSS
Exploits: 0 | References: 4

exploitpack
added 2007/07/30 12:0 a.m. | 22 views

Global Centre Aplomb Poll 1.1 - admin.php?Madoa Remote File Inclusion

Global Centre Aplomb Poll 1.1 - admin.php?Madoa Remote File Inclusion source: https://www.securityfocus.com/bid/25138/info Aplomb Poll is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these...

Exploits: 0