7 matches found
EUVD-2009-0426
Malware in sbrugna...
EUVD-2006-1386
Malware in sbrugna...
EUVD-2009-0539
Malware in sbrugna...
CVE-2009-0535
CVE-2009-0535 describes a directory traversal in export.php of Thyme 1.3 and earlier, where, when register_globals is disabled, an attacker can read arbitrary files by supplying a .. in the export_to parameter. The NVD entry scores this as 7.5/10 (HIGH) with network access, low attack complexity,...
Directory traversal
Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when registerglobals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the SERVERConfigFile parameter to admin/index.php...
CVE-2007-5186
Segue CMS suffers a PHP remote file inclusion via the themesdir parameter in index.php (and related themes/settings scripts) for versions 1.8.4 and earlier. The underlying issue is unsanitized input used to include PHP code in themes/program/themesettings.inc.php, which can enable arbitrary code ...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party ALP, allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including 1 ase.php, 2 devi.php, 3 doom3.php,...