7195 matches found
CVE-2006-6648
PHP remote file inclusion vulnerability in main.inc.php in planetluc.com RateMe 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtoscript parameter...
CVE-2006-6612
PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the basepathstart parameter...
VerliAdmin <= 0.3 (index.php) Remote File Include Exploit
Exploit for unknown platform in category web applications. VerliAdmin = 0.3 index.php Remote File Include Exploit. P.S. I would like to cordially send no greetings to all the whores such as N...
CVE-2006-6586
Multiple PHP remote file inclusion vulnerabilities in Vortex Blog vBlog, aka C12 a0.1nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) secure.php or (2) checklogin.php in admin/auth/...
CVE-2006-6591
PHP remote file inclusion vulnerability in fonctions/template.php in EXlor 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the repphp parameter...
CVE-2006-6590
PHP remote file inclusion vulnerability in usercpmenu.php in AR Memberscript allows remote attackers to execute arbitrary PHP code via a URL in the scriptfolder parameter...
CVE-2006-6566
PHP remote file inclusion vulnerability in includes/profilcpconstants.php in the Profile Control Panel CPanel module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the modulerootpath parameter...
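PhpLeague "cheminmini" Remote File Inclusion Vulnerability
PhpLeague is a PHP-based web application. PhpLeague does not properly filter user-supplied URI data, which allows remote attackers to execute arbitrary commands with the privileges of the web process. The problem is that the 'consult/miniseul.php' and 'config.php' scripts do not filter the user-supplied 'cheminmini' parameter; supplying a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. PhpLeague 0.x Upgrade to version 0.82: http://phpleague.univert.org/...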
CVE-2006-6541
PHP remote file inclusion vulnerability in signer/final.php in warez distributions of Animated Smiley Generator allows remote attackers to execute arbitrary PHP code via a URL in the smiley parameter. NOTE: the vendor disputes this issue, stating that only Warez versions of Animated Smiley...
CVE-2006-6527
PHP remote file inclusion vulnerability in guest.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-6511
dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are...
GenesisTrader 1.0 - form.php Arbitrary File Source Disclosure
GenesisTrader 1.0 - form.php Arbitrary File Source Disclosure source: https://www.securityfocus.com/bid/21595/info GenesisTrader is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include multiple...
CVE-2006-6511
The CVE-2006-6511 entry concerns the product dadaIMC .99.3, where an insufficiently restrictive FilesMatch directive in the installed .htaccess allows remote attackers to execute arbitrary PHP code. Specifically, uploaded files whose names contain any of the words: feature, editor, newswire, othe...
GenesisTrader 1.0 - form.php Multiple Cross-Site Scripting Vulnerabilities
GenesisTrader 1.0 - form.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/21595/info GenesisTrader is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include...
CVE-2006-6462
PHP remote file inclusion vulnerability in engine/oldnews.inc.php in CM68 News 12.02.06 allows remote attackers to execute arbitrary PHP code via a URL in the addpath parameter...
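Invisionix Roaming System Remote Pageheaderdefault.Inc.PHP Remote File Inclusion Vulnerability
Invisionix Roaming System is a PHP-based web application. Invisionix Roaming System does not properly filter user-supplied URI data, which allows remote attackers to execute arbitrary commands with the privileges of the web process. The problem is that the 'Pageheaderdefault.Inc.PHP' script does not filter user-supplied web parameters; supplying a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. Invisionix Systems Invisionix Roaming System Remote 0.2 http://www.invisionix.org/...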
CVE-2006-6453
PHP remote file inclusion vulnerability in JOWAMPShowPage.php in J-OWAMP Web Interface 2.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the link parameter...
JCE Admin Component for Joomla! 'plugin' Parameter Local File Include
The version of the JCE Admin component for Joomla! running on the remote host is affected by a local file include vulnerability due to improper sanitization of user-supplied input to the 'plugin' parameter before using it in the components/comjce/jce.php script to include PHP code. Regardless of...
CVE-2006-6338
Unrestricted file upload vulnerability in upload/index.php in deV!Lz Clanportal DZCP before 1.3.6.1 allows remote attackers to upload and execute arbitrary .php files by embedding PHP code in a JPEG or GIF file that is uploaded to inc/images/uploads/userpics/...
dc-arbitrary.txt
-061124b- deV!Lz Clanportal - Arbitrary File Upload. SYNOPSIS - access: remote severity: high - deV!Lz Clanportal allows nearly arbitrary files to be uploaded and stored on the server's filesystem, which enables anyone, even without a user account, to upload...