CVE-2007-0486

Multiple PHP remote file inclusion vulnerabilities in Openads aka phpAdsNew 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the 1 phpAdsgeoPlugin parameter to libraries/lib-remotehost.inc, the 2 filename parameter to admin/report-index, or the 3 phpAdsconfigmyfooter...

CVE-2007-0489

PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

CVE-2007-0485

PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter...

CVE-2007-0487

PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used...

Unrestricted file upload

Unrestricted file upload vulnerability in index.php in phpBP RC3 2.204 and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an imageform parameter specifying a multiple-extension filename...

CVE-2007-0370

Unrestricted file upload vulnerability in index.php in phpBP RC3 2.204 and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an imageform parameter specifying a multiple-extension filename...

Remote file inclusion

PHP remote file inclusion vulnerability in libraries/grabglobals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the incdir parameter...

CVE-2007-0370

Unrestricted file upload vulnerability in index.php in phpBP RC3 2.204 and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an imageform parameter specifying a multiple-extension filename...

Remote file inclusion

PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter...

CVE-2007-0359

PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setupfolder parameter...

CVE-2007-0361

PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter...

Oreon lang/index.php file Parameter Remote File Inclusion

The remote host is running Oreon, a web-based network supervision program based on Nagios. The installation of Oreon on the remote host fails to sanitize input to the 'file' parameter of the 'lang/index.php' script before using it to include PHP code. Regardless of PHP's 'registerglobals' setting...

CVE-2007-0300

PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter...

CVE-2007-0314

Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDEDIR parameter to 1 forms.php, 2 issueedit.php, 3 client.php, and 4 classes.php...

CVE-2007-0298

PHP remote file inclusion vulnerability in show.php in LunarPoll, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter...

GLSA-200701-11 : Kronolith: Local file inclusion

The remote host is affected by the vulnerability described in GLSA-200701-11 Kronolith: Local file inclusion Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. Impact : An authenticated attacker could craft an...

Code injection

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter. NOTE: a reliable third party disputes this vulnerability because thispath is defined before use...

guest402.txt

!/usr/bin/php @lex Guestbook ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor | status Trying to get logged in | sploit Done | status Trying to add a skin | sploit Done | status Writin...

CVE-2007-0189

PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this issue, since GeoBB 1.0 sets $action to a whitelisted value...