CVE-2006-5068

PHP remote file inclusion vulnerability in admin/index.php in Brudaswen 1 BrudaNews 1.1 and earlier and 2 BrudaGB 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the o parameter...

CVE-2006-5021

Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in 1 the root parameter in imgen.php, and the rootpath parameter in 2 admin/config.php, 3 common.php, and 4 admin/index.php. NOTE: the provenance of this...

Blog Pixel Motion 2.1.1 PHP Code Execution / Create Admin Exploit

Exploit for unknown platform in category web applications ================================================================= Blog Pixel Motion 2.1.1 PHP Code Execution / Create Admin Exploit ================================================================= !/usr/bin/perl Affected.scr..: Blog Pixel...

Blog Pixel Motion 2.1.1 - PHP Code Execution Create Admin

Blog Pixel Motion 2.1.1 - PHP Code Execution Create Admin !/usr/bin/perl Affected.scr..: Blog Pixel Motion V2.1.1 Poc.ID........: 12060927 Type..........: PHP Code Execution stripslashes, SQL Injection urldecode Risk.level....: High Vendor.Status.: Unpatched Src.download..:...

WebNews 1.4 - parser.php Remote File Inclusion (2)

WebNews 1.4 - parser.php Remote File Inclusion 2 source: https://www.securityfocus.com/bid/20239/info Web//News is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote...

Web//News 1.4 - 'parser.php' Remote File Inclusion (2)

source: https://www.securityfocus.com/bid/20239/info Web//News is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute i...

Blog Pixel Motion 2.1.1 PHP Code Execution / Create Admin Exploit

No description provided by source. !/usr/bin/perl Affected.scr..: Blog Pixel Motion V2.1.1 Poc.ID........: 12060927 Type..........: PHP Code Execution stripslashes, SQL Injection urldecode Risk.level....: High Vendor.Status.: Unpatched Src.download..: www.pixelmotion.org/zip/blog2.1.zip...

CVE-2006-4979

Direct static code injection vulnerability in cfgphpquiz/install.php in Walter Beschmout PhpQuiz 1.2 and earlier allows remote attackers to inject arbitrary PHP code in config.inc.php via modified configuration settings...

CVE-2006-4977

Multiple unrestricted file upload vulnerabilities in 1 back/uploadimg.php and 2 admin/uploadimg.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/imgquiz folder via the a upload, b okupdate, c image, and d path parameters, possibly...

CVE-2006-4977

Multiple unrestricted file upload vulnerabilities in 1 back/uploadimg.php and 2 admin/uploadimg.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/imgquiz folder via the a upload, b okupdate, c image, and d path parameters, possibly...

CVE-2006-4946

PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder BCWB 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...

CVE-2006-4912

PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter...

phpQuestionnaire 3.12 (phpQRootDir) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ===================================================================== phpQuestionnaire 3.12 phpQRootDir Remote File Include Vulnerability ===================================================================== SolpotCrew Community...

CVE-2006-4859

Unrestricted file upload vulnerability in contact.html.php in the Contact comcontact component in Limbo aka Lite Mambo CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contactattach parameter in a contac...

PT-2006-5603 · Hitweb · Hitweb

Name of the Vulnerable Software and Affected Versions: Hitweb versions 3.0 Description: The issue concerns remote file inclusion vulnerabilities in Hitweb 3.0, allowing remote attackers to execute arbitrary PHP code. This is achieved by providing a URL in the REP CLASS parameter to various PHP...

Exponent CMS index.php view Parameter Local File Inclusion

The remote host is running Exponent CMS, an open source content management system written in PHP. The version of Exponent CMS installed on the remote host fails to properly sanitize user-supplied input to the 'view' parameter before using it in the 'modules/calendarmodule/class.php' script to...

PHPQuiz Multiple Remote Vulnerabilites

Title: PHPQuiz = v.1.2 Remote SQL injection/Code Execution Exploit Vendor : PHPQuiz webiste : http://www.phpquiz.com Version : = v.1.2 Severity: Critical Author: Simo64 / simo64atmorxorg MorX Security Reseach Team http://www.morx.org http://www.morx.org/phpquiz.txt Details : SQL injection univers...

SolpotCrew Advisory #11 - ReviewPost 2.5 (RP_PATH) Remote File Inclusion

Solpot Crew Community ReviewPost 2.5 RPPATH Remote File Inclusion Donwload File : http://3-bius.com/ReviewPost.zip Bug Found By :homeedition2001 a.k.a bius 15-09-2006 contact: [email protected] Website : http://www.nyubicrew.org/adv/homeedition2001-adv-01.txt Greetz:...

phpQuiz <= 0.1.2 Remote SQL Injection / Code Execution Exploit

No description provided by source. Title: PHPQuiz = v.1.2 Remote SQL injection/Code Execution Exploit Vendor : PHPQuiz webiste : http://www.phpquiz.com Version : = v.1.2 Severity: Critical Author: Simo64 / simo64atmorxorg MorX Security Reseach Team http://www.morx.org...

Artmedic Links 5.0 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/20064/info The 'artmedic links' application is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to have malicious PHP code execute in the context of the webserver...