DMCounter 0.9.2 -b - Kopf.php Remote File Inclusion

DMCounter 0.9.2 -b - Kopf.php Remote File Inclusion source: https://www.securityfocus.com/bid/17756/info DMCounter is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...

Remote file inclusion

PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via 1 README.html or 2 HEADER.html...

CVE-2006-2098

PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via 1 README.html or 2 HEADER.html...

Artmedic Event - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17736/info Artmedic Event is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...

CoolMenus 4.0 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17738/info CoolMenus is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...

I-RATER Platinum - 'Config_settings.TPL.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17731/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...

I-RATER Platinum - Config_settings.TPL.php Remote File Inclusion

I-RATER Platinum - Configsettings.TPL.php Remote File Inclusion source: https://www.securityfocus.com/bid/17731/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploi...

CoolMenus 4.0 - index.php Remote File Inclusion

CoolMenus 4.0 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/17738/info CoolMenus is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include...

Code injection

actionpublic/search.php in Invision Power Board IPB 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "e" execute modifier...

CVE-2006-2059

actionpublic/search.php in Invision Power Board IPB 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "e" execute modifier...

Sql injection

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by som...

CVE-2006-2005

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by som...

CVE-2006-2005

CVE-2006-2005 affects ClanSys 1.1 (index.php). The vulnerability is an eval injection in the page parameter that allows remote attackers to execute arbitrary PHP code, demonstrated by injecting an include statement into the eval. Some sources describe it as a file inclusion, but the primary issue...

CVE-2006-2002

PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirbase parameter...

[SA19749] built2go Movie Review "full_path" File Inclusion Vulnerability

TITLE: built2go Movie Review "fullpath" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA19749 VERIFY ADVISORY: http://secunia.com/advisories/19749/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: built2go Movie Review 1.x http://secunia.com/product/9515/...

[Full-disclosure] Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability.

--Security Report-- Advisory: Clansys = 1.1 PHP Code Insertion Vulnerability. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 23/04/06 21:07 PM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: Clansys http://www.clansys.de.vu/ Versio...

Clansys <= v.1.1 (index.php page) PHP Code Insertion Vulnerability

No description provided by source. NukedX Security Advisory Nr 2006-29 ClanSys v1.1 index.php page PHP Code Insertion Vulnerability Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=29...

Clansys 1.1 - index.php PHP Code Insertion

Clansys 1.1 - index.php PHP Code Insertion NukedX Security Advisory Nr 2006-29 ClanSys v1.1 index.php page PHP Code Insertion Vulnerability Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory:...

Directory traversal

Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." dot dot in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code...

CVE-2006-1963

Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." dot dot in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code...