CVE-2006-6511
dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are...
CVE-2006-6043
PHP file inclusion vulnerability in loginform-inc.php in Oliver (formerly Webshare) 1.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the confmotdfile parameter, which is accessed by the...
mxBB Module calsnails 1.06 - mx_common.php File Inclusion
mxBB Module calsnails 1.06 - mx_common.php File Inclusion mxBB calsnails module 1.06 Remote File Inclusion Vulnerability Bugfounder: bd0rk || SOH-Crew Website: www.soh-crew.it.tt Gr33tings: nukedx, DeeJay, TheJT, str0ke Mod-Download:...
CVE-2006-5505
Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creeralbum.inc.php, (3) admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is...
cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit (php)
Exploit for unknown platform in category local exploits cPanel cPanel Sorry Safe-mode Is On Script Not Work On This Server "; echo "Powered By Ashiyane Security Corporation www.Ashiyane.ir"; exit; $disablef =...
CVE-2006-5250
CVE-2006-5250 affects BlueShoes 4.6_public and earlier. The PHP remote file inclusion vulnerability exists in lib/googlesearch/GoogleSearch.php, where an attacker can supply a URL via the APP[path][lib] parameter to cause the script to include and execute PHP code on the remote host. Root cause i...
CVE-2006-5223
PHP remote file inclusion vulnerability in includes/functionsuserviewedposts.php in the Nivisec User Viewed Posts Tracker module 1.0 and earlier for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...
CVE-2006-5167
Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSXLIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e)...
CVE-2006-4993
Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMGconfigcfgserverpath parameter in (1) modules/AllMyGuests/signin.php aka the Nuke module and (2) AllMyGuests/signin.php aka the standalone...
PT-2006-5618 · All Enthusiast · Reviewpost
Name of the Vulnerable Software and Affected Versions: All Enthusiast ReviewPost version 2.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the RP PATH parameter in the index.php file. Recommendations: For All Enthusiast ReviewPost version 2.5, consider...
TikiWiki file upload vulnerability (jhot.php)
Added: 09/08/2006 CVE: CVE-2006-4602 BID: 19819 OSVDB: 28456 Background TikiWiki is a multi-purpose web content management system written in PHP. Problem The jhot.php script allows remote attackers to upload arbitrary PHP commands into the img/wiki directory. The commands can then be executed by...
PT-2006-5350 · Bob Jewell · Bob Jewell Discloser
Name of the Vulnerable Software and Affected Versions: Bob Jewell Discloser version 0.0.4 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the type parameter in the plugins/plugins.php file. However, there is a dispute about whether an attacker can control...
CVE-2006-3608
The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file...
News52.txt
!/usr/bin/perl VulnScr: News version 5.2 and prior E-mail: [email protected] Web: www.vincent-leclercq.com Date: Thu June 29 12:01 2006 Credits: DarkFig [email protected] Vuln: XSS, Full Path Disclosure, SQL Injection Advisorie: http://www.acid-root.new.fr/advisories/news52.txt frenc...
CVE-2006-3314
PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the pageid parameter...
PT-2006-4105 · Rig · Ralf Image Gallery
Name of the Vulnerable Software and Affected Versions: Ralf Image Gallery RIG versions 0.7.4 through 0.9 Description: The issue allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks when register_globals is enabled. This can be achieved via URLs or ".."...
CVE-2006-3136
Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL in the DIRLIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4) /xmlrpc/apimetaweblog.inc.php. NOTE: this i...
CVE-2006-2828
Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admin_forumauth.php, (6) admin_groups.php, (7)...
CVE-2006-2828
CVE-2006-2828 is a vulnerability in PHP-Nuke where a global variable overwrite allows remote PHP file inclusion by a modified phpbb_root_path parameter to multiple admin scripts (index.php, admin_ug_auth.php, admin_board.php, admin_disallow.php, admin_forumauth.php, admin_groups.php, admin_ranks....
DeluxeBB <= 1.06 (Attachment mod_mime) Remote Exploit
Exploit for unknown platform in category web applications DeluxeBB <= 1.06 (Attachment mod_mime) Remote Exploit !/usr/bin/php -q -d shortopentag=on ? echo "DeluxeBB = v1.06 attachment modmime...