CVE-2007-1097

CVE-2007-1097 affects Wiclear prior to 0.11.1. The onAttachFiles function in inc/lib/attachment.lib.php allows unrestricted file uploads, enabling remote attackers to upload and execute arbitrary PHP code due to filename validation weaknesses. Impact is remote code execution with full compromise ...

CVE-2007-1097

Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool inc/lib/attachment.lib.php in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. NOTE: some details were obtained fro...

CVE-2006-7045

PHP remote file inclusion vulnerability in Clan Manager Pro CMPRO 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the 1 rootpath and possibly 2 sitepath parameters to a cmpro.ext/comment.core.inc.php and b cmpro.intern/comment.core.inc.php. NOTE: the provenanc...

Connectix Boards <= 0.7 (p_skin) Multiple Vulnerabilities Exploit

No description provided by source. !/usr/bin/php URL: http://www.acid-root.new.fr/ ------------------------------------------------------------------- Usage: $argv0 -url -usr -pwd -type Options Params: -url For example http://victim.com/connectix/ -usr The username of your account -pwd The passwo...

Code injection

Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php...

CVE-2007-1073

Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php...

CVE-2007-1073

CVE-2007-1073 involves a static code injection in mcRefer’s install.php. The bgcolor parameter is inserted into mcrconf.inc.php, enabling remote PHP code execution. The vulnerability affects install.php in mcRefer and can lead to complete compromise of affected systems. The available documents do...

CVE-2007-1011

PHP remote file inclusion vulnerability in functionsinc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad parameter...

CVE-2007-1024

PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the SERVERDOCUMENTROOT parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in inc/functionsinc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad, or possibly scriptpfad, parameter...

CVE-2007-1025

PHP remote file inclusion vulnerability in inc/functionsinc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad, or possibly scriptpfad, parameter...

Magic News Plus 1.0.2 - news.php?link_parameters Cross-Site Scripting

Magic News Plus 1.0.2 - news.php?linkparameters Cross-Site Scripting source: https://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote...

Magic News Plus 1.0.2 - preview.php?PHP_script_path Remote File Inclusion

Magic News Plus 1.0.2 - preview.php?PHPscriptpath Remote File Inclusion source: https://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote...

Magic News Plus 1.0.2 - &#039;news.php?&amp;link_parameters&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote file-include issue and two cross-site scripting vulnerabilities. An...

Magic News Plus 1.0.2 - &#039;preview.php?PHP_script_path&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/22661/info Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote file-include issue and two cross-site scripting vulnerabilities. An...

CVE-2007-0983

PHP remote file inclusion vulnerability in admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the RootToScript parameter...

CedStat 1.31 - index.php?hier Cross-Site Scripting

CedStat 1.31 - index.php?hier Cross-Site Scripting source: https://www.securityfocus.com/bid/22588/info CedStat is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the...

CedStat 1.31 - &#039;index.php?hier&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/22588/info CedStat is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process. This issue affects...

Meganoides News 1.1.1 - Include.php Remote File Inclusion

Meganoides News 1.1.1 - Include.php Remote File Inclusion source: https://www.securityfocus.com/bid/22589/info Meganoide's news is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PH...

Meganoide&#039;s News 1.1.1 - &#039;Include.php&#039; Remote File Inclusion

source: https://www.securityfocus.com/bid/22589/info Meganoide's news is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code in the context of the webserver process. This issue...