7194 matches found
Echo Security Advisory 2006.44
ECHOADV44$2006 PHP Simple Shop = 2.0 abspath Remote File Inclusion Author : Ahmad Maulana a.k.a Matdhule Date Found : August...
Mambo Component LMTG Myhomepage 1.2 - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/19584/info The lmtgmyhomepage component for Mambo is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing maliciou...
CVE-2006-4196
PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatesdir parameter...
CVE-2006-4215
PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the autoLoadConfig[999][0][loadFile] parameter...
CVE-2006-4198
PHP remote file inclusion vulnerability in includes/session.php in Wheatblog wB 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wbclassdir parameter...
Zen Cart autoload_func.php autoLoadConfig Array Remote File Inclusion
The version of Zen Cart installed on the remote host fails to sanitize input to the 'autoLoadConfig' array parameter before using it in 'includes/autoload_func.php' to include PHP code. Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker may be able to exploit these...
Blog:CMS 4.1 - Dir_Plugins Multiple Remote File Inclusions
Blog:CMS 4.1 - Dir_Plugins Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/19577/info Blog:CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary...
solpot-adv-04.txt
SolpotCrew Community modernbill ver 1.6 DIR Remote File Inclusion Download file : http://freshmeat.net/projects/modernbill/ Bug Found By :Solpot a.k.a k. Hasibuan 03-08-2006 contact: [email protected] Website : http://www.solpotcrew.org/adv/solpot-adv-04.txt Greetz: choi , cow1seng , Ibnusi...
CVE-2006-4163
PHP remote file inclusion vulnerability in clsfasttemplate.php in myWebland miniBloggie 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fname parameter. NOTE: another researcher was unable to find a way to execute code after including it via a URL. CVE...
Mambo Component Reporter 1.0 - 'Reporter.sql.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/19553/info Reporter, a Mambo component, is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute...
Mambo Component Reporter 1.0 - Reporter.sql.php Remote File Inclusion
Mambo Component Reporter 1.0 - Reporter.sql.php Remote File Inclusion source: https://www.securityfocus.com/bid/19553/info Reporter, a Mambo component, is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to...
Zen Cart Web Shopping Cart 1.3.0.2 - 'autoload_func.php?autoLoadConfig[999][0][loadFile]' Remote File Inclusion
source: https://www.securityfocus.com/bid/19543/info Zen Cart is prone to multiple remote and local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote and local files containing malicious PHP cod...
Lizge 20 - 'index.php' Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/19533/info Lizge is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in t...
Zen Cart Web Shopping Cart 1.3.0.2 - autoload_func.php?autoLoadConfig[999][0][loadFile] Remote File Inclusion
Zen Cart Web Shopping Cart 1.3.0.2 - autoload_func.php?autoLoadConfig[999][0][loadFile] Remote File Inclusion source: https://www.securityfocus.com/bid/19543/info Zen Cart is prone to multiple remote and local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An...
Lizge 20 - index.php Multiple Remote File Inclusions
Lizge 20 - index.php Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/19533/info Lizge is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote...
GLSA-200608-19 : WordPress: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-200608-19 WordPress: Privilege escalation The WordPress developers have confirmed a vulnerability in capability checking for plugins. Impact : By exploiting a flaw, a user can circumvent WordPress access restrictions when using...
CVE-2006-4085
PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project TSEP 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsepconfigabsPath parameter to pagenavigation.php, a different vector than CVE-2006-4055. NOTE: the provenance of this...
CVE-2006-4076
Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition docpile:we 0.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the INITPATH parameter to (1) lib/access.inc.php, (2) lib/folders.inc.php, (3) lib/init.inc.php or (4) lib/templates.inc.php...
CVE-2006-4077
PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo Valvano Comet WebFileManager CWFM 0.9.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the Language parameter...
CVE-2006-4053
PHP remote file inclusion vulnerability in templates/header.php in ME Download System 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the Vb8878b936c2bd8ae0cab parameter...