7189 matches found
CVE-2006-2747
Directory traversal vulnerability in index.php in PhpMyDesktop|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a .. dot dot sequence and trailing null %00 byte in the subsite parameter in a showsubsite todo...
Remote file inclusion
PHP remote file inclusion vulnerability in language/langenglish/langactivity.php in Activity MOD Plus Amod 1.1.0, as used with phpBB when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter. NOTE: This is a similar vulnerabili...
Directory traversal
Directory traversal vulnerability in index.php in PhpMyDesktop|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a .. dot dot sequence and trailing null %00 byte in the subsite parameter in a showsubsite todo...
CVE-2006-2747
Directory traversal vulnerability in index.php in PhpMyDesktop|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a .. dot dot sequence and trailing null %00 byte in the subsite parameter in a showsubsite todo...
SiteBuilder-FX - 'top.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/18756/info SiteBuilder-FX is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...
SiteBuilder-FX - top.php Remote File Inclusion
SiteBuilder-FX - top.php Remote File Inclusion source: https://www.securityfocus.com/bid/18756/info SiteBuilder-FX is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...
Remote file inclusion
PHP remote file inclusion vulnerability in 404.php in open-medium.CMS 0.25 allows remote attackers to execute arbitrary PHP code via a URL in the REDSYSMYPATHTEMPLATES parameter...
Remote file inclusion
PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALSAAINCPATH parameter in 1 cached.php3, 2 cron.php3, 3 discussion.php3, 4 filldisc.php3, 5 filler.php3, 6 fillform.php3, 7 go.php3, 8 hiercons.php3, 9...
osTicket 1.x - 'Open_form.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/18190/info osTicket is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PH...
dokuwiki -- multiple vulnerabilities
Multiple vulnerabilities have been reported within dokuwiki. dokuwiki is proven vulnerable to: arbitrary PHP code insertion via spellcheck module, XSS attack via "Update your account profile," bypassing of ACL controls when enabled...
Remote file inclusion
PHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIGpeardir parameter...
CVE-2006-2667
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in 1 wp-content/cache/userlogins/ 2...
DEBIAN-CVE-2006-2667
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in 1 wp-content/cache/userlogins/ 2...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to 1 modules/credits/business.php, 2 modules/credits/credits.php, or 3 modules/credits/help.php...
CVE-2006-2667
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in 1 wp-content/cache/userlogins/ 2...
Code injection
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in 1 wp-content/cache/userlogins/ 2...
CVE-2006-2667
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in 1 wp-content/cache/userlogins/ 2...
ipb search.php vulnerability analysis and thinking-vulnerability warning-the black bar safety net
Author: SuperHeiAtph4nt0m.org Blog: http://superhei.blogbus.com/ Team: http://www.ph4nt0m.org Data: 2006-04-27 Simple analysis The vulnerability is another one of pregreplace+/e vulnerability,代码 在 \sources\actionadmin\search.php line 1 2 5 8-1 2 6 a 2: if $this-ipsclass-input'lastdate' $this-outp...
UBB.threads addpost_newpoll.php thispath Parameter Remote File Inclusion
The version of UBB.threads installed on the remote host fails to sanitize input to the 'thispath' parameter before using it in a PHP include function in the 'addpostnewpoll.php' script. Provided PHP's 'registerglobals' setting is enabled, an unauthenticated attacker may be able to exploit this fl...
CVE-2006-2608
artmedic newsletter 4.1 and possibly other versions, when registerglobals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an...