
7187 matches found

NVD
added 2006/04/20 6:6 p.m., 12 views

CVE-2006-1929

PHP remote file inclusion vulnerability in include/common.php in I-Rater Platinum allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter...

5 CVSS, 7.4 AI score, 0.12296 EPSS
Exploits: 0, References: 6

Prion
added 2006/04/20 6:6 p.m., 8 views

Information disclosure

config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

7.5 CVSS, 7.1 AI score, 0.00763 EPSS
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2006/04/20 6:6 p.m., 13 views

CVE-2006-1922

PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote attackers to execute arbitrary PHP code via a URL in the incdir parameter...

6.4 CVSS, 7.3 AI score, 0.11677 EPSS
Exploits: 0, References: 7

Cvelist
added 2006/04/20 6:0 p.m., 13 views

CVE-2006-1910

config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

6.6 AI score, 0.00763 EPSS
Exploits: 1, References: 2

NVD
added 2006/04/20 10:2 a.m., 11 views

CVE-2006-1896

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 $themefontcolor3 variable and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clari...

6 CVSS, 7.1 AI score, 0.01319 EPSS
Exploits: 0, References: 8

Prion
added 2006/04/20 10:2 a.m., 12 views

Code injection

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 $themefontcolor3 variable and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clari...

6 CVSS, 7.3 AI score, 0.01319 EPSS
Exploits: 0, References: 8

UbuntuCve
added 2006/04/20 10:2 a.m., 20 views

CVE-2006-1895

Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose "." regular expression to match BEGIN and END statements in overallheader.tpl, or...

6.5 CVSS, 6 AI score, 0.00365 EPSS
Exploits: 1, References: 1

UbuntuCve
added 2006/04/20 10:2 a.m., 14 views

CVE-2006-1896

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 $themefontcolor3 variable and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clari...

6 CVSS, 6.3 AI score, 0.01319 EPSS
Exploits: 0, References: 1

Cvelist
added 2006/04/20 10:0 a.m., 13 views

CVE-2006-1896

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 $themefontcolor3 variable and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clari...

7 AI score, 0.01319 EPSS
Exploits: 0, References: 8

CVE
added 2006/04/20 10:0 a.m., 37 views

CVE-2006-1895

The provided data confirms CVE-2006-1895 affecting phpBB: a direct static code injection in includes/template.php allows remote authenticated users with write access to execute arbitrary PHP by modifying templates. The root causes are (1) bypassing a loose regex intended to match BEGIN/END in ove...

6.5 CVSS, 7.5 AI score, 0.00365 EPSS
Exploits: 1, References: 4, Affected Software: 1

CVE
added 2006/04/20 10:0 a.m., 45 views

CVE-2006-1896

CVE-2006-1896 concerns a vulnerability in phpbb2 where admin users with access to the Admin Panel can cause arbitrary PHP code execution via the Font Colour 3 setting due to insufficient input sanitisation. Debian/DSA-1066-1 documents that the issue arises from how values are sanitised for Font C...

6 CVSS, 7 AI score, 0.01319 EPSS
Exploits: 0, References: 8, Affected Software: 1

securityvulns
added 2006/04/20 12:0 a.m., 34 views

[eVuln] N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities

New eVuln Advisory: N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities http://evuln.com/vulns/121/summary.html --------------------Summary---------------- eVuln ID: EV0121 CVE: CVE-2006-1657 CVE-2006-1658 Vendor: Chucky A. Ivey Software: N.T. Software's Web Site: http://www.v-gfx.net/...

7.5 CVSS, 1 AI score, 0.00725 EPSS
Exploits: 0

exploitpack
added 2006/04/20 12:0 a.m., 25 views

I-RATER Platinum - Common.php Remote File Inclusion

I-RATER Platinum - Common.php Remote File Inclusion source: https://www.securityfocus.com/bid/17623/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue...

0.1 AI score
Exploits: 0

exploitpack
added 2006/04/19 12:0 a.m., 19 views

TotalCalendar - about.php?inc_dir Remote File Inclusion

TotalCalendar - about.php?incdir Remote File Inclusion source: https://www.securityfocus.com/bid/17618/info TotalCalendar is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit...

0.2 AI score
Exploits: 0

securityvulns
added 2006/04/19 12:0 a.m., 64 views

[SA19726] Internet Photoshow "page" File Inclusion Vulnerability

TITLE: Internet Photoshow "page" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA19726 VERIFY ADVISORY: http://secunia.com/advisories/19726/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Internet Photoshow 1.x http://secunia.com/product/9409/ DESCRIPTION: Hessam...

0.8 AI score
Exploits: 0

Prion
added 2006/04/18 10:2 a.m., 9 views

Directory traversal

Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hubdir parameter, as demonstrated by including accesslog. NOTE: in some cases, arbitrary remot...

7.5 CVSS, 7.5 AI score, 0.0152 EPSS
Exploits: 1, References: 9, Affected Software: 1

NVD
added 2006/04/18 10:2 a.m., 10 views

CVE-2006-1819

Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hubdir parameter, as demonstrated by including accesslog. NOTE: in some cases, arbitrary remot...

7.5 CVSS, 7.3 AI score, 0.0152 EPSS
Exploits: 1, References: 9

CVE
added 2006/04/18 10:0 a.m., 70 views

CVE-2006-1819

The CVE-2006-1819 issue affects phpWebSite prior to 0.10.2, where the hub_dir parameter in index.php is not properly validated, enabling local file inclusion via include() and possible PHP code execution. The root cause is inadequate verification of hub_dir, which can allow an attacker to referen...

7.5 CVSS, 7.3 AI score, 0.0152 EPSS
Exploits: 1, References: 9, Affected Software: 1

Exploit DB
added 2006/04/17 12:0 a.m., 23 views

Monster Top List 1.4 - 'functions.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/17546/info Monster Top List is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2006/04/17 12:0 a.m., 23 views

phpWebFTP index.php language Parameter Local File Inclusion

The remote host is running phpWebFTP, a web-based FTP client written in PHP. The version of phpWebFTP installed on the remote host fails to sanitize user-supplied input to the 'language' parameter of the 'index.php' script before using it in a PHP 'include' function. An unauthenticated attacker m...

6.4 CVSS, 6.3 AI score, 0.00309 EPSS
Exploits: 0, References: 2