2592 matches found
CVE-2007-5387
PHP remote file inclusion vulnerability in active/components/xmlrpc/client.php in Pindorama 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ccomponents parameter...
CVE-2007-5310
PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter...
CVE-2007-4934
Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFLFILEROOT parameter to (1) programfiles/livedraft/livedraft.php or (2) programfiles/livedraft/admin.php...
CVE-2007-4906
PHP remote file inclusion vulnerability in tasks/sendqueuedemails.php in NuclearBB Alpha 2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...
CVE-2007-4525
PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelettecache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the...
PT-2007-5375 · Pluck · Pluck
Name of the Vulnerable Software and Affected Versions: Pluck version 4.3. Description: The issue allows remote attackers to potentially read arbitrary local files via a .. (dot dot) in the file parameter in the data/inc/theme.php file when register_globals is enabled. However, it's noted that the co...
PT-2007-5376 · Pluck · Pluck
Name of the Vulnerable Software and Affected Versions: Pluck version 4.3. Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter when register_globals is enabled. However, a reliable third party disputes this vulnerability, stating that the...
DreamLog 0.5 - 'upload.php' Arbitrary File Upload
Remote file inclusion
PHP remote file inclusion vulnerability in crontab/runbilling.php in MiniBill 1.2.5 allows remote attackers to execute arbitrary PHP code via a URL in the configincludedir parameter, a different vector than CVE-2006-4489...
Unrestricted file upload
Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article...
CVE-2007-3292
Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article...
CVE-2007-3130
Multiple PHP remote file inclusion vulnerabilities in the OpenWiki (formerly JD-Wiki) component (com_jd-wiki) 1.0.2, and possibly earlier, for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) dwpage.php or (2) wantedpages.php, different...
AlstraSoft Template Seller Pro <= 3.25 Remote Code Execution Exploit
No description provided by source.
GLSA-200705-16 : PhpWiki: Remote execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200705-16 (PhpWiki: Remote execution of arbitrary code). Harold Hallikainen has reported that the Upload page fails to properly check the extension of a file. Impact: A remote attacker could upload a specially crafted PHP file to th...
CVE-2007-2679
PHP file inclusion vulnerability in index.php in Ivan Peevski gallery 0.3 in Simple PHP Scripts (sphp) allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the gallery parameter, which is accessed by the file_exists function. NOTE: the provenance...
CVE-2007-2542
PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...
LS simple guestbook (v1) Remote Code Execution Vulnerability
Exploit for unknown platform in category web applications. LS simple guestbook v1 Remote Code Execution Vulnerability. Special Greetings To - Timq, Warpboy, The-Maggot. File:...
Crea-Book <= 1.0 Admin Access Bypass / DB Disclosure / Code Execution
No description provided by source. Advisory :: Crea-Book <= 1.0. Download link: http://www.comscripts.com/scripts/php.creabook.1359.html ...
Woven Dream content management system (DEDECMS) 3.X + 4.X upload vulnerability - vulnerability warning - the black bar safety net
Ghost boy's note: to be accurate, the upload vulnerability is in the PHP version of FCKeditor used by DEDECMS, which is fooled by a GIF89a file header. I did not expect the PHP version of FCKeditor to have such a vulnerability; GIF89a file header spoofing is nothing new. Sources ...
metaforum-upload.txt