25 matches found
CVE-2026-25828
grub-btrfs through 2026-01-31 on Arch Linux and derivative distributions allows initramfs OS command injection because it does not sanitize the $root parameter to resolve_device. NOTE: a third party reports "exploitation may not be feasible under normal conditions and may depend on specific...
PT-2026-7909
grub-btrfs through 2026-01-31 on Arch Linux and derivative distributions allows initramfs OS command injection because it does not sanitize the $root parameter to resolve_device...
grub-btrfs OS Command Injection Vulnerability
Grub-Btrfs is a Linux tool developed by the individual developer Antynea. Versions of Grub-Btrfs from 2026-01-31 and earlier contain an operating system command injection vulnerability. This vulnerability stems from the lack of sanitization of the $root parameter, which could lead to OS...
Exploit for CVE-2026-25828
CVE-2026-25828 - Command Injection in grub-btrfs initramfs hoo...
EUVD-2005-4457
Malware in sbrugna...
SDCMS Directory Traversal Vulnerability
SDCMS is a PHP and MySQL based enterprise station building content management system CMS from China Fireworks Network Technology Company. A directory traversal vulnerability exists in the app/plug/attachment/controller/admincontroller.php page in SDCMS version 1.6. The vulnerability can be...
CVE-2018-19748
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a...
Quick Classifieds 1.0 - controlcenter/remember.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...
Quick Classifieds 1.0 - controlpannel/mailadmin.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...
CVE-2012-5056
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/filesodfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or...
CVE-2010-1335
Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-0111, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter to (1) city.get/city.get.php, (2) city.get/index.php, (3) message2.send/message.send.php, (4)...
Remote file inclusion
PHP remote file inclusion vulnerability in include/mail.inc.php in Rezervi 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, a different vector than CVE-2007-2156...
Path traversal
Absolute path traversal vulnerability in admin/fileKontrola/browser.asp in Omnicom Content Platform OCP 2.0 allows remote attackers to list arbitrary directories via a full pathname in the root parameter...
PT-2007-6476 · Unknown · Crs Manager
Name of the Vulnerable Software and Affected Versions: CRS Manager affected versions not specified Description: The issue concerns multiple PHP remote file inclusion vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT ROOT paramete...
PT-2007-6193 · Unknown · Online Fantasy Football League
Name of the Vulnerable Software and Affected Versions: Online Fantasy Football League OFFL version 0.2.6 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the DOC ROOT parameter in the lib/classes/offl nflteam.php file. However, it is noted that a FILE test...
CVE-2007-4339
PHPCentral Poll Script 1.0 is affected by multiple PHP remote file inclusion vulnerabilities. The issue allows an attacker to execute arbitrary PHP code by supplying a URL to the _SERVER[DOCUMENT_ROOT] parameter in poll.php and pollarchive.php. The note attributes the underlying cause to a variab...
PT-2007-5481 · Unknown · X-Script Guestbook
Name of the Vulnerable Software and Affected Versions: Guestbook Script version 1.9 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the script root parameter to various PHP files, including 'delete.php', 'edit.php', 'inc/common.inc.php', 'database.php',...
CVE-2007-2986
PHP remote file inclusion vulnerability in lib/livestatus.lib.php in AdminBot MX 9.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in lib/livestatus.lib.php in AdminBot MX 9.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter...