7190 matches found
CVE-2006-3173
Multiple PHP remote file inclusion vulnerabilities in ContentBuilder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathcb parameter to (a) libraries/comment/postComment.php and (b) modules/poll/poll.php, (2) rel parameter to (c) modules/archive/overview.inc.php, and the (3)...
CVE-2006-3172
Multiple PHP remote file inclusion vulnerabilities in ContentBuilder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL with a trailing slash (/) character in the (1) langpath parameter to (a) cms/plugins/colman/column.inc.php, (b) cms/plugins/poll/poll.inc.php, (c)...
[SA20713] CMS Faethon "mainpath" File Inclusion and Cross-Site Scripting Vulnerabilities
Code injection
CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files...
CVE-2006-2931
CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files...
CVE-2006-3102
Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles...
PictureDis Products "lang" Parameter File Inclusion Vulnerability
Input passed to the "lang" parameter in thumstbl.php, wpfiles.php, and wallpapr.php is not properly verified before being used to include files. This can be exploited to execute...
RahnemaCo - page.php PageID Remote File Inclusion
source: https://www.securityfocus.com/bid/18490/info RahnemaCo is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of t...
RahnemaCo - 'page.php' PageID Remote File Inclusion
source: https://www.securityfocus.com/bid/18490/info RahnemaCo is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker ...
mcGuestbook 1.3 - 'admin.php?lang' Remote File Inclusion
source: https://www.securityfocus.com/bid/18476/info mcGuestbook is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code an...
Indexu 5.0.1 - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/18477/info Indexu is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing...
mcGuestbook 1.3 - 'ecrire.php?lang' Remote File Inclusion
source: https://www.securityfocus.com/bid/18476/info mcGuestbook is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code an...
mcGuestbook 1.3 - lire.php?lang Remote File Inclusion
source: https://www.securityfocus.com/bid/18476/info mcGuestbook is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include...
mcGuestbook 1.3 - ecrire.php?lang Remote File Inclusion
source: https://www.securityfocus.com/bid/18476/info mcGuestbook is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include...
mcGuestbook 1.3 - admin.php?lang Remote File Inclusion
source: https://www.securityfocus.com/bid/18476/info mcGuestbook is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include...
GLSA-200606-16 : DokuWiki: PHP code injection
The remote host is affected by the vulnerability described in GLSA-200606-16 (DokuWiki: PHP code injection). Stefan Esser discovered that the DokuWiki spell checker fails to properly sanitize PHP's 'complex curly syntax'. Impact: An unauthenticated remote attacker may execute arbitrary PHP commands ...
CVE-2006-3019
Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMSINCLUDEPATH parameter to files in parser/include/ including (1) class.parserphpcms.php, (2) class.sessionphpcms.php, (3) class.editphpcms.php, (4)...
CVE-2006-3028
PHP remote file inclusion vulnerability in statmodules/usersage/module.php in Minerva 2.0.8a Build 237 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...
ISPConfig 2.2.3 - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/18441/info ISPConfig is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these...