
7187 matches found

Tenable Nessus
added 2005/05/11 12:0 a.m. | 21 views

e107 search.php search_info Parameter Traversal Arbitrary File Inclusion

The version of e107 installed on the remote host is affected by a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input to the 'search_info' parameter of the 'search.php' script. This vulnerability could allow a remote, unauthenticated attacker to view...

6.2 AI score
Exploits: 0 | References: 2

Cvelist
added 2005/05/10 4:0 a.m. | 13 views

CVE-2003-1178

Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter...

7.8 AI score | 0.01495 EPSS
Exploits: 1 | References: 8

exploitpack
added 2005/05/06 12:0 a.m. | 16 views

ZeroBoard - Worm Source Code

ZeroBoard - Worm Source Code / The worm exploits a vulnerability in ZeroBoard, allowing an attacker to inject arbitrary PHP code. /str0ke / / ZeroBoard -1day INE w0rm / include include include include include include include include include ifdef sun include endif / SunOS / define DEBUGING undef...

7.6 AI score
Exploits: 0

seebug.org
added 2005/05/06 12:0 a.m. | 16 views

ZeroBoard Worm Source Code

No description provided by source. / The worm exploits a vulnerability in ZeroBoard, allowing an attacker to inject arbitrary PHP code. /str0ke / / ZeroBoard -1day INE w0rm / include stdio.h include unistd.h include stdlib.h include sys/socket.h include netdb.h include netinet/in.h include signal...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2005/05/04 12:0 a.m. | 37 views

osTicket <= 1.2.7 Multiple Vulnerabilities

The version of osTicket installed on the remote host suffers from several vulnerabilities : - A Remote File Include Vulnerability The script 'include/main.php' lets an attacker read arbitrary files on the remote host and possibly even run arbitrary PHP code, subject to the privileges of the web...

7.5 CVSS | 6.5 AI score | 0.02076 EPSS
Exploits: 2 | References: 7

CVE
added 2005/05/03 4:0 a.m. | 47 views

CVE-2005-1438

The connected documents confirm a Remote File Include vulnerability in osTicket variants, specifically CVE-2005-1438, via the include_dir parameter in main.php. The issue affects osTicket versions up to 1.2.7 (per Tenable NASL “osTicket <= 1.2.7 Multiple Vulnerabilities”) and is included among...

7.5 CVSS | 7.6 AI score | 0.00717 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2005/05/03 4:0 a.m. | 14 views

CVE-2005-1438

PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter...

7.5 CVSS | 7.6 AI score | 0.00717 EPSS
Exploits: 0 | References: 3

NVD
added 2005/05/02 4:0 a.m. | 11 views

CVE-2005-0327

pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php...

7.5 CVSS | 7.5 AI score | 0.00636 EPSS
Exploits: 0 | References: 2

NVD
added 2005/05/02 4:0 a.m. | 11 views

CVE-2005-1222

catforgen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the addirect parameter to reference catforgen.php, then including the code in the mforracine parameter, which is then written to catforgen.php...

7.5 CVSS | 7.5 AI score | 0.042 EPSS
Exploits: 0 | References: 4

NVD
added 2005/05/02 4:0 a.m. | 13 views

CVE-2005-0565

The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension...

7.5 CVSS | 7.5 AI score | 0.01288 EPSS
Exploits: 1 | References: 5

UbuntuCve
added 2005/05/02 4:0 a.m. | 18 views

CVE-2005-0913

Unknown vulnerability in the regex_replace modifier (modifier.regex_replace.php) in Smarty before 2.6.8 allows attackers to execute arbitrary PHP code...

7.5 CVSS | 6 AI score | 0.00902 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2005/04/29 12:0 a.m. | 102 views

Claroline < 1.5.4 / 1.6.0 Multiple Vulnerabilities (RFI, SQLi, XSS, Traversal)

The version of Claroline (an open source, collaborative learning environment) installed on the remote host suffers from a number of remotely-exploitable vulnerabilities, including: - Multiple Remote File Include Vulnerabilities Four scripts let an attacker read arbitrary files on the remote host an...

7.5 CVSS | 6.5 AI score | 0.02567 EPSS
Exploits: 3 | References: 5

Cvelist
added 2005/04/27 4:0 a.m. | 12 views

CVE-2005-1312

PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allows remote attackers to execute arbitrary PHP code via unknown vectors...

7.6 AI score | 0.02416 EPSS
Exploits: 0 | References: 4

securityvulns
added 2005/04/27 12:0 a.m. | 19 views

GrayCMS php code injection

Version: 1.1 Severity: High Vendor: http://gcms.graymur.net/ Vulnerable code is in "code/error.php": ----begin---- ... if (!isset($page)) $page = ''; if (!isset($pathprefix)) $pathprefix = '../'; if (empty($main)) require $pathprefix.'code/main.dat'; if (isset($e404) or isset($_GET['e404'])) ... if (isset($e403) or...

0.4 AI score
Exploits: 0

NVD
added 2005/04/24 4:0 a.m. | 7 views

CVE-2005-1312

PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allows remote attackers to execute arbitrary PHP code via unknown vectors...

7.5 CVSS | 7.6 AI score | 0.02416 EPSS
Exploits: 0 | References: 4

Cvelist
added 2005/04/22 4:0 a.m. | 13 views

CVE-2005-1222

catforgen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the addirect parameter to reference catforgen.php, then including the code in the mforracine parameter, which is then written to catforgen.php...

7.5 AI score | 0.042 EPSS
Exploits: 0 | References: 4

CVE
added 2005/04/21 4:0 a.m. | 115 views

CVE-2001-1468

CVE-2001-1468 describes a PHP remote file inclusion in phpSecurePages where checklogin.php (and related components) allows arbitrary code execution if an attacker modifies the cfgProgDir parameter to reference a URL on a remote server. Connected advisories reiterate a code-execution vulner...

7.5 CVSS | 7.6 AI score | 0.01711 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2005/04/21 4:0 a.m. | 43 views

CVE-2001-1471

CVE-2001-1471 affects phpBB versions 1.4.0 and earlier. The root cause is an invalid language value in prefs.php (and related auth.php handling) that can let a remote authenticated user modify variables (e.g., $l_statsblock, $l_privnotify) and later use them in an eval, enabling arbitrary PHP cod...

8.8 CVSS | 7.6 AI score | 0.01172 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2005/04/18 4:0 a.m. | 14 views

CVE-2005-1169

Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php...

7.6 AI score | 0.00717 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2005/04/01 12:0 a.m. | 20 views

GLSA-200503-35 : Smarty: Template vulnerability

The remote host is affected by the vulnerability described in GLSA-200503-35 (Smarty: Template vulnerability) A vulnerability has been discovered within the regex_replace modifier of the Smarty templates when allowing access to untrusted users. Furthermore, it was possible to call functions from if...

7.5 CVSS | 6 AI score | 0.00902 EPSS
Exploits: 0 | References: 3