CVE-2007-2092

Direct static code injection vulnerability in index.php in Limesoft Guestbook LS Simple Guestbook allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in my little forum 1.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to 1 admin.php and 2 timedifference.php...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter to comarticles.php in 1 components/ or 2 classes/html/...

CVE-2007-2095

PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the myroot parameter, a different vector than CVE-2007-0498...

CVE-2007-2084

PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the authmethod parameter to 1 index.php, 2 list.php, 3 postreview.php, 4 reindex.php, 5 sections.php, 6 templates.php, 7 userinfo.php, 8 users.php, and 9 view.php...

CVE-2007-2088

Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 writerFile parameter to index.php and the 2 file parameter to Integrator.php...

CVE-2007-2084

PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the authmethod parameter to 1 index.php, 2 list.php, 3 postreview.php, 4 reindex.php, 5 sections.php, 6 templates.php, 7 userinfo.php, 8 users.php, and 9 view.php...

CVE-2007-2092

Direct static code injection vulnerability in index.php in Limesoft Guestbook LS Simple Guestbook allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2007-2089

The CVE-2007-2089 entry covers multiple PHP remote file inclusion (RFI) vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo/Joomla!. The underlying issue is unsafe handling of the absolute_path parameter to com_articles.php, in either components/ or classes/html/, al...

CVE-2007-2082

Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this...

CVE-2007-2082

Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this...

ShoutPro <= 1.5.2 (shout.php) Remote Code Injection Exploit

Exploit for unknown platform in category web applications =========================================================== ShoutPro ?php echo "...

ls-exec.txt

Special Greetings To - Timq,Warpboy,The-Maggot File: index.php Affects: LS simple guestbook v1 Date: 15th April 2007 Issue Description: =========================================================================== LS simple guestbook fails to sanitize user input that it writes to the posts.txt file...

ShoutPro 1.5.2 - &#039;shout.php&#039; Remote Code Injection

?php echo "\n"; echo " Special Greetings To - Timq,Warpboy,The-Maggot \n"; echo "\n\n\n"; //Writes Files - Under 100 bytes to meet requirements $temppayload = "%3C%3F%24a%3D...

ShoutPro 1.5.2 - shout.php Remote Code Injection

ShoutPro 1.5.2 - shout.php Remote Code Injection ?php echo "\n"; echo " Special Greetings To - Timq,Warpboy,The-Maggot \n"; echo "\n\n\n"; //Writes Files - Under 100 bytes to meet requirements $temppayload = "...

LS simple guestbook - arbitrary code execution

Special Greetings To - Timq,Warpboy,The-Maggot File: index.php Affects: LS simple guestbook v1 Date: 15th April 2007 Issue Description: =========================================================================== LS simple guestbook fails to sanitize user input that it writes to the posts.txt file...

LS Simple Guestbook 1.0 - Remote Code Execution

LS Simple Guestbook 1.0 - Remote Code Execution Special Greetings To - Timq,Warpboy,The-Maggot File: index.php Affects: LS simple guestbook v1 Date: 15th April 2007 Issue Description: =========================================================================== LS simple guestbook fails to sanitize...

LS simple guestbook (v1) Remote Code Execution Vulnerability

Exploit for unknown platform in category web applications ============================================================ LS simple guestbook v1 Remote Code Execution Vulnerability ============================================================ Special Greetings To - Timq,Warpboy,The-Maggot File:...

LS Simple Guestbook 1.0 - Remote Code Execution

Special Greetings To - Timq,Warpboy,The-Maggot File: index.php Affects: LS simple guestbook v1 Date: 15th April 2007 Issue Description: =========================================================================== LS simple guestbook fails to sanitize user input that it writes to the posts.txt file...

CVE-2006-7193

PHP remote file inclusion vulnerability in unittest/testcases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTYDIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTYDIR is a constant...