Monster Top List 1.4 - functions.php Remote File Inclusion

Monster Top List 1.4 - functions.php Remote File Inclusion source: https://www.securityfocus.com/bid/17546/info Monster Top List is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit thi...

phpBB Admin command execution

On a phpBB board, a user having access to the admin panel is able to execute PHP code: This example will execute $usersig as PHP code: Go to Administration Panel Styles Admin Management subSilver Edit Set "Font Colour 3" to "'./" Profile Set Signature to...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when registerglobals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settingsdir parameter...

CVE-2006-1784

PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when registerglobals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settingsdir parameter...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Design & Development Group AZDG AzDGVote allow remote attackers to execute arbitrary PHP code via a URL in the intpath parameter in 1 vote.php, 2 view.php, 3 admin.php, and 4 admin/index.php...

Remote file inclusion

PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the s parameter...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the themepath parameter in 1 index.php, 2 becomeeditor.php, 3 add.php, 4 badlink.php, 5 browse.php, 6 detail.php, 7 fav.php, 8 getrated.php,...

Remote file inclusion

PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath parameter. NOTE: this issue was later reported to affect 2.01 as well...

[SA19630] AzDGVote "int_path" File Inclusion Vulnerabilities

TITLE: AzDGVote "intpath" File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA19630 VERIFY ADVISORY: http://secunia.com/advisories/19630/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: AzDGVote 1.x http://secunia.com/product/9312/ DESCRIPTION: SnIpErSA has discover...

[eVuln] QLnews XSS and PHP Code Insertion Vulnerabilities

New eVuln Advisory: QLnews XSS and PHP Code Insertion Vulnerabilities http://evuln.com/vulns/113/summary.html --------------------Summary---------------- eVuln ID: EV0113 CVE: CVE-2006-1575 CVE-2006-1576 Software: QLnews Sowtware's Web Site: http://www.vscripts.pl/ Versions: 1.2 Critical Level:...

[eVuln] VNews Multiple Vulnerabilities

New eVuln Advisory: VNews Multiple Vulnerabilities http://evuln.com/vulns/112/summary.html --------------------Summary---------------- eVuln ID: EV0112 CVE: CVE-2006-1543 CVE-2006-1544 CVE-2006-1545 Software: VNews Sowtware's Web Site: http://www.vscripts.pl/?id=vnews Versions: 1.2 Critical Level...

[eVuln] [V]Book Multiple Vulnerabilities

New eVuln Advisory: VBook Multiple Vulnerabilities http://evuln.com/vulns/111/summary.html --------------------Summary---------------- eVuln ID: EV0111 CVE: CVE-2006-1561 CVE-2006-1562 CVE-2006-1563 Software: VBook Sowtware's Web Site: http://www.vscripts.pl/?id=vbook2 Versions: 2.0 Critical Leve...

Remote file inclusion

PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter...

CVE-2006-1702

PHP remote file inclusion vulnerability in spiplogin.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter...

CVE-2006-1702

PHP remote file inclusion vulnerability in spiplogin.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party ALP, allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including 1 ase.php, 2 devi.php, 3 doom3.php,...

AzDGVote - Remote File Inclusion

AzDGVote - Remote File Inclusion source: https://www.securityfocus.com/bid/17447/info AzDGVote is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary...

Indexu 5.0 - Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/17470/info The 'indexu' application is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remot...

Indexu 5.0 - Multiple Remote File Inclusions

Indexu 5.0 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/17470/info The 'indexu' application is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can explo...

horde_help_module.pm.txt

Title: Horde package Msf::Exploit::hordehelpmodule; use base "Msf::Exploit"; use strict; use Pex::Text; use bytes; my $advanced = ; my $info = 'Name' = 'Horde help viewer module remote PHP code execution', 'Version' = '$Revision: 1.0 $', 'Authors' = 'inkubus ' , 'Arch' = , 'OS' = , 'Priv' = 0,...