Joomla! / Mambo Component Mod_Forum - 'PHPBB_Root.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/24591/info The 'modforum' component for Joomla and Mambo is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containin...

CVE-2007-3325

PHP remote file inclusion vulnerability in lib/language.php in LAN Management System LMS 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205...

CVE-2007-3309

Unspecified vulnerability in Simple Machines Forum SMF 1.1.2 allows remote attackers to execute arbitrary PHP code during 1 creation or 2 editing of a message...

Code injection

Unspecified vulnerability in Simple Machines Forum SMF 1.1.2 allows remote attackers to execute arbitrary PHP code during 1 creation or 2 editing of a message...

CVE-2007-3309

The CVE-2007-3309 entry concerns Simple Machines Forum (SMF) 1.1.2, where a vulnerability enables remote attackers to execute arbitrary PHP code during (1) message creation or (2) message editing. The available sources identify the affected software/version and the code-execution risk but do not ...

CVE-2007-3309

Unspecified vulnerability in Simple Machines Forum SMF 1.1.2 allows remote attackers to execute arbitrary PHP code during 1 creation or 2 editing of a message...

CVE-2007-3292

Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article...

Unrestricted file upload

Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article...

Remote file inclusion

PHP remote file inclusion vulnerability in templates/2blue/bodyTemplate.php in YourFreeScreamer 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter...

PHProjekt: Multiple vulnerabilities

Background PHProjekt is a project management and coordination tool written in PHP. Description Alexios Fakos from n.runs AG has discovered multiple vulnerabilities in PHProjekt, including the execution of arbitrary SQL commands using unknown vectors CVE-2007-1575, the execution of arbitrary PHP...

CVE-2007-3236

PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfigrootpath parameter...

CVE-2007-3240

Cross-site scripting XSS vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI REQUESTURI that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session...

Cross site scripting

Cross-site scripting XSS vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI REQUESTURI that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session...

CVE-2007-3239

Cross-site scripting XSS vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHPSELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative sessio...

CVE-2007-3240

The CVE-2007-3240 entry concerns the WordPress Vistered-Little theme vulnerable in 404.php: XSS via the REQUEST_URI that accesses index.php, potentially allowing remote injection of script/HTML and, per notes, execution in an administrative session. The issue is actionable in the theme code and i...

CVE-2007-3240

Cross-site scripting XSS vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI REQUESTURI that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/spaw/spawcontrol.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656...

Remote file inclusion

PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and earlier might allow remote attackers to execute arbitrary PHP code via a URL in the FORUMLIB parameter. NOTE: by default, access to the PhpDocumentor directory tree...

CVE-2007-3220

PHP remote file inclusion vulnerability in admin/editor2/spawcontrol.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this may be a duplicate of CVE-2006-4656...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/editor2/spawcontrol.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: this may be a duplicate of CVE-2006-4656...