7188 matches found

Cvelist
added 2006/05/12 12:0 a.m. | 17 views

CVE-2006-2323

Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749...

AI score: 7.5 | EPSS: 0.11505
Exploits: 0 | References: 10
securityvulns
added 2006/05/11 12:0 a.m. | 22 views

Hackmaster Group DMCounter Remote File Include

Script: DMCounter
Version: 0.9.2-b
Language: PHP
Problem: Remote File Include
Vendor: http://Www.HackMaster.Us
Discovered by: C-W-Mathackmasterdotus

Description
=============
Statistics software based on PHP which does not require any database support but just uses flat files. Daily + monthly...

AI score: 1.2
Exploits: 0
Prion
added 2006/05/10 2:14 a.m. | 17 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the (2) claroCasLibPath parameter in casProcess.inc.php...

CVSS: 6.8 | AI score: 7.8 | EPSS: 0.10801
Exploits: 1 | References: 8 | Affected Software: 2
Prion
added 2006/05/10 2:14 a.m. | 12 views

Design/Logic Flaw

X-Scripts X-Poll xpoll 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.01494
Exploits: 1 | References: 7 | Affected Software: 1
Cvelist
added 2006/05/09 11:0 p.m. | 16 views

CVE-2006-2281

X-Scripts X-Poll xpoll 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it...

AI score: 7.7 | EPSS: 0.01494
Exploits: 1 | References: 7
Prion
added 2006/05/09 10:2 a.m. | 15 views

Remote file inclusion

PHP remote file inclusion vulnerability in auction\auctioncommon.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVSS: 6.8 | AI score: 7.8 | EPSS: 0.09473
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2006/05/09 10:0 a.m. | 21 views

CVE-2006-2261

PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

AI score: 7.5 | EPSS: 0.16413
Exploits: 1 | References: 6
Exploit DB
added 2006/05/09 12:0 a.m. | 24 views

ISPConfig 2.2.2/2.2.3 - 'Session.INC.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17909/info ISPConfig is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...

AI score: 7.4
Exploits: 0
exploitpack
added 2006/05/09 12:0 a.m. | 7 views

ISPConfig 2.2.2/2.2.3 - Session.INC.php Remote File Inclusion

ISPConfig 2.2.2/2.2.3 - Session.INC.php Remote File Inclusion source: https://www.securityfocus.com/bid/17909/info ISPConfig is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this iss...

AI score: 7.5
Exploits: 0
Packet Storm
added 2006/05/05 12:0 a.m. | 19 views

x7chatphp.txt

!/usr/bin/php -q -d shortopentag=on works regardless of magicquotesgpc settings\r\n"; echo " if avatar uploads are enabled default\r\n"; echo "dork: intitle:"X7 Chat Help Center" | "Powered By X7 Chat"\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host:...

AI score: 7.4
Exploits: 0
Cvelist
added 2006/05/03 10:0 a.m. | 16 views

CVE-2006-2149

PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIGpath parameter, as demonstrated by including a GIF that contains PHP code...

AI score: 7.4 | EPSS: 0.10831
Exploits: 0 | References: 6
exploitpack
added 2006/05/03 12:0 a.m. | 17 views

Fast Click SQL Lite 1.1.2/1.1.3 - show.php Remote File Inclusion

Fast Click SQL Lite 1.1.2/1.1.3 - show.php Remote File Inclusion source: https://www.securityfocus.com/bid/17819/info Fast Click SQL Lite is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can...

AI score: 0.1
Exploits: 0
Exploit DB
added 2006/05/03 12:0 a.m. | 18 views

Fast Click SQL Lite 1.1.2/1.1.3 - 'show.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17819/info Fast Click SQL Lite is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...

AI score: 7.4
Exploits: 0
Prion
added 2006/05/02 10:2 a.m. | 14 views

Remote file inclusion

PHP remote file inclusion vulnerability in master.php in OpenPHPNuke 2.3.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.09178
Exploits: 0 | References: 7 | Affected Software: 1
NVD
added 2006/05/02 10:2 a.m. | 10 views

CVE-2006-2137

PHP remote file inclusion vulnerability in master.php in OpenPHPNuke 2.3.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.09178
Exploits: 0 | References: 7
Prion
added 2006/05/02 10:2 a.m. | 71 views

Remote file inclusion

PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the classesdir parameter...

CVSS: 6.4 | AI score: 8 | EPSS: 0.08969
Exploits: 0 | References: 7 | Affected Software: 1
exploitpack
added 2006/05/02 12:0 a.m. | 16 views

X7 Chat 2.0 - help_file Remote Command Execution

X7 Chat 2.0 - helpfile Remote Command Execution !/usr/bin/php -q -d shortopentag=on works regardless of magicquotesgpc settings\r\n"; echo " if avatar uploads are enabled default\r\n"; echo "dork: intitle:"X7 Chat Help Center" | "Powered By X7 Chat"\r\n\r\n"; if $argc4 echo "Usage: php...

AI score: 0.1
Exploits: 0
NVD
added 2006/05/01 11:2 p.m. | 8 views

CVE-2006-2129

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...

CVSS: 5.5 | AI score: 7.2 | EPSS: 0.0042
Exploits: 0 | References: 6
Prion
added 2006/05/01 11:2 p.m. | 14 views

Code injection

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...

CVSS: 5.5 | AI score: 7.6 | EPSS: 0.0042
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2006/05/01 11:0 p.m. | 12 views

CVE-2006-2129

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...

AI score: 7.2 | EPSS: 0.0042
Exploits: 0 | References: 6