Remote file inclusion
PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter (part of the $pagemenu variable)...
CVE-2006-1563
Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) VBook (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included by other VBook scripts...
Code injection
Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) VBook (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included by other VBook scripts...
MediaSlash Gallery - index.php Remote File Inclusion
source: https://www.securityfocus.com/bid/17323/info
MediaSlash Gallery is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this...
MediaSlash Gallery - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/17323/info
MediaSlash Gallery is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing...
PHP Live Helper Multiple Remote File Inclusions
The remote host is running PHP Help Live, a commercial web-based real-time help tool written using PHP and MySQL. The version of PHP Help Live installed on the remote host fails to sanitize input to the 'abspath' parameter before using it in various scripts to include files with PHP code. An...
Mambo Open Source Multiple Vulnerabilities
The remote installation of Mambo Open Source fails to sanitize input to the 'mosusertemplate' cookie before using it to include PHP code from a local file. An unauthenticated attacker may be able to exploit this issue to view arbitrary files or to execute arbitrary PHP code on the affected host. ...
4Images <= 1.7.1 Directory Traversal Vulnerability
The remote web server is running 4Images which is prone to directory traversal attacks.
VihorDesign - index.php Remote File Inclusion
source: https://www.securityfocus.com/bid/17227/info
VihorDesign is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include...
VihorDesign - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/17227/info
VihorDesign is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious...
CVE-2006-1363
images.php in Justin White (aka YTZ) Free Web Publishing System (FreeWPS) 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct request to that file...
Remote file inclusion
PHP remote file include vulnerability in PageController.php in KnowledgebasePublisher 1.2 allows remote attackers to include and execute arbitrary PHP code via a URL in the dir parameter...
CVE-2006-1294
PHP remote file include vulnerability in PageController.php in KnowledgebasePublisher 1.2 allows remote attackers to include and execute arbitrary PHP code via a URL in the dir parameter...
Sql injection
Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php...
CVE-2006-1252
Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php...
CVE-2006-1252
CVE-2006-1252 affects Light Weight Calendar (LWC) 1.0, where an eval injection in cal.php allows remote attackers to execute arbitrary PHP code via the date parameter to index.php. This is a remote code execution vulnerability with CVSSv2 base score 7.5 (HIGH) and network attack vector with no au...
CVE-2006-1252
Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php...
PHP iCalendar publish.ical.php Arbitrary File Upload
The remote host appears to be running PHP iCalendar, a web-based iCal file viewer / parser written in PHP. The installed version of PHP iCalendar supports iCal publishing but does not properly restrict the types of files uploaded and places them in a web-accessible directory. An unauthenticated...
Code injection
Direct static code injection vulnerability in addlink.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the urlname parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement...
CVE-2006-1208
Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory...