EUVD-2005-2693

Malware in sbrugna...

Directory traversal

Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPathpath parameter to 1 class.forumposts.php and 2 forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659...

CVE-2006-1793

Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPathpath parameter to 1 class.forumposts.php and 2 forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659...

CVE-2006-0721

SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the touserid parameter...

CVE-2006-0721

CVE-2006-0721 affects RunCMS versions 1.2 and 1.3a, with a vulnerability in pmlite.php that allows remote SQL execution via the to_userid parameter. The NVD entry lists a CVSS v2 base score of 7.5 (HIGH) , with network attack vector, low complexity, and no authentication required. Impacts are des...

Design/Logic Flaw

Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with registerglobals and allowurlfopen enabled, allow remote attackers to execute arbitrary code via the bbPathpath parameter in 1 class.forumposts.php and 2 forumpollrenderer.php...

RunCMS <= 1.2 (class.forumposts.php) Arbitrary Remote Inclusion Exploit

No description provided by source. ?php ---runcms13axpl.php 17.30 09/02/2006 RunCMS = 1.2 arbitrary remote inclusion exploit " = 1.3a shell upload through FCKEditor coded by rgod site: http://retrogod.altervista.org usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "But when...