CVE-2010-1063

CVE-2010-1063 affects Phpkobo Free Real Estate Contact Form 1.09. The vulnerability is a directory traversal in the LANG_CODE parameter that can cause local file inclusion and remote code execution in three PHP files: codelib/cfg/common.inc.php, form/app/common.inc.php, and staff/app/common.inc.p...

CVE-2010-1059

Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANGCODE parameter. NOTE: the provenance of this...

CVE-2010-1060

Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Short URL 1.01, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the LANGCODE parameter...

CVE-2010-1062

CVE-2010-1062 affects Phpkobo Free Real Estate Contact Form 1.09; vulnerable component is codelib/sys/common.inc.php. The root cause is a directory traversal flaw that allows remote inclusion/execution of local files via the LANG_CODE parameter when magic_quotes_gpc is disabled. This is described...

CVE-2010-1059

The CVE concerns Phpkobo Address Book Script 1.09, where a directory traversal flaw in staff/app/common.inc.php can be exploited when magic_quotes_gpc is disabled. An attacker can include and execute arbitrary local files by manipulating the LANG_CODE parameter, enabling at least partial impact t...

CVE-2010-1058

Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the LANGCODE parameter...

CVE-2010-1057

Multiple directory traversal vulnerabilities in Phpkobo AdFreely aka Ad Board Script 1.01, when magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..// dot dot slash slash in the LANGCODE parameter to common.inc.php in 1 codelib/cfg/, 2...

CVE-2010-1061

Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01, when magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANGCODE parameter to 1 url/app/common.inc.php and 2 codelib/cfg/common.inc.php...

CVE-2010-1057

Phpkobo AdFreely (aka Ad Board Script) 1.01 is affected by directory traversal via LANG_CODE in common.inc.php, enabling remote inclusion/execution of local files when magic_quotes_gpc is disabled. The vulnerability affects multiple paths (codelib/cfg/, codelib/sys/, staff/, staff/app/, staff/fil...

CVE-2010-1062

Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the LANGCODE parameter. NOTE: some of these details are obtained...

CVE-2010-1060

CVE-2010-1060 is a directory traversal vulnerability in Phpkobo Short URL 1.01 (staff/app/common.inc.php). When magic_quotes_gpc is disabled, an attacker can use ".." in the LANG_CODE parameter to include and execute arbitrary local files. The NVD entry assigns a CVSS v2 base score of 6.8 (MEDIUM...

CVE-2010-1058

CVE-2010-1058 describes a directory traversal vulnerability in the Phpkobo Address Book Script 1.09. The flaw resides in the file codelib/cfg/common.inc.php, where the LANG_CODE parameter can be manipulated (via ".." paths) to include and execute arbitrary local files when magic_quotes_gpc is dis...

CVE-2010-1063

Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magicquotesgpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANGCODE parameter to 1 codelib/cfg/common.inc.php, 2...

Free Real Estate Contact Form 1.09 Local File Inclusion

Securitylab.ir Application Info: Name: Free Real Estate Contact Form Version: 1.09 Vendor: http://www.phpkobo.com/realestatecontact.php Vulnerability Info: Type: Local File Inclusion Risk: Medium Vulnerability: http://site.com/codelib/sys/common.inc.php?LANGCODE=../../../../../../../etc/passwd%00...

Short URL 1.01 - Local File Inclusion

Short URL 1.01 - Local File Inclusion Securitylab.ir Application Info: Name: Short URL Version: 1.01 Vendor: http://www.phpkobo.com/shorturl.php Vulnerability Info: Type: Local File Inclusion Risk: Medium Vulnerability:...

Free Real Estate Contact Form v1.09 - Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ======================================================================== Free Real Estate Contact Form v1.09 - Local File Inclusion Vulnerability ======================================================================== Application Info:...

Short URL 1.01 Local File Inclusion

Securitylab.ir Application Info: Name: Short URL Version: 1.01 Vendor: http://www.phpkobo.com/shorturl.php Vulnerability Info: Type: Local File Inclusion Risk: Medium Vulnerability: http://site.com/staff/app/common.inc.php?LANGCODE=../../../../../../../etc/passwd%00 Discoverd By: Pouya Daneshmand...

Short URL v1.01 - Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ==================================================== Short URL v1.01 - Local File Inclusion Vulnerability ==================================================== Application Info: Name: Short URL Version: 1.01 Vendor:...

Ad Board Script 1.01 Local File Inclusion

local file include Author: ItSecTeam download from:http://www.phpkobo.com/scripts/AF201101/AF201101.zip script:Ad Board Script Version:1.01 Updated:2010-01-10 dork::D vul:/path/web/codelib/cfg/common.inc.php line 21: require "res.$LANGCODE.sys.inc.php" ; -----------------------------------------...

Address Book Script v 1.09 - Local File Inclusion

Exploit for unknown platform in category web applications =============================================================== Address Book Script v 1.09 - Local File Inclusion Vulnerability =============================================================== Application Info: Name: Address Book Script...