CVE-2006-6856

Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit edycja operation, which is then executed via a direct request for this script...

CVE-2006-6887

Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/widged.php aka the WidgEd plugin, a different vulnerability than CVE-2006-6783. NOTE: The provenance of this information is...

CVE-2006-6809

Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator aka bubla 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 budir or 2 buconfigdir parameter...

CVE-2006-6793

PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi Portal 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...

CVE-2006-6786

Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to 1 subscribe.php or 2 unsubscribe.php...

CVE-2006-6796

PHP remote file inclusion vulnerability in admin/adminsettings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the insfile parameter...

CVE-2006-6786

CVE-2006-6786 affects Open Newsletter 2.5 and earlier. The vulnerability enables remote authenticated administrators to execute arbitrary PHP code by inserting code into the email parameter of subscribe.php or unsubscribe.php. This leads to potential code execution with the privileges of the auth...

CVE-2006-6786

Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to 1 subscribe.php or 2 unsubscribe.php...

CVE-2006-6793

PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi Portal 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...

JAF CMS Forum.PHP远程文件包含漏洞

Salims Softhouse JAF CMS是一款基于PHP的内容管理程序。 Salims Softhouse JAF CMS不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'Forum.PHP'脚本对用户提交的'applAPPL'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 Salims Softhouse JAF CMS 4.0 RC1 Salims Softhouse JAF CMS 3.0 RC Salims Softhouse JAF CMS 2.5 Salims Softhous...

CVE-2003-1314

PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook EMGB 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgbadminpath parameter...

CVE-2006-6739

PHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the HTTPDOCUMENTROOT parameter, a different vector than CVE-2006-6689...

CVE-2006-6732

PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the abs parameter...

CVE-2006-6738

PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

CVE-2006-6727

PHP remote file inclusion vulnerability in inertianewsclass.php in inertianews 0.02 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENTROOT parameter...

Pixel Motion Config.PHP远程命令执行漏洞

Pixel Motion是一款基于PHP的web应用程序。 Pixel Motion不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于‘config. php’脚本对用户提交的web参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 Pixel Motion Pixel Motion 2.1.1 目前没有解决方案提供，请关注以下链接： http://www.pixelmotion.org/ !/usr/bin/perl Affected.scr..: Blog Pixel Motion V2.1.1...

Open Newsletter <= 2.5 Multiple Remote Vulnerabilities Exploit (update)

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "\r\n"; echo "Open Newsletter = 2. Muliple Vulnerabilities\r\n"; echo "Site: http://www.selfexile.com/projects/opennewsletter/\r\n"; echo "Dork: "This is a Free & Open Source mailing list manager"\r\n"; echo "by...

CVE-2006-6694

Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. dot dot in the language parameter, as demonstrated by uploading a .JPG file containing PHP code, then accessing the file via config.php...

CVE-2006-6661

Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code via multiple vectors that use the extract function, as demonstrated by the 1 f, 2 newmessage, 3 newusername, 4 adminuser, and ...

CVE-2006-6661

Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code via multiple vectors that use the extract function, as demonstrated by the 1 f, 2 newmessage, 3 newusername, 4 adminuser, and ...