22 matches found

Tenable Nessus
added 2011/05/23 12:0 a.m. | 38 views

eFront js/scripts.php 'load' Parameter Remote File Inclusion

The version of eFront running on the remote web server is affected by a remote file inclusion vulnerability due to improper sanitization of user-supplied input to the 'load' parameter of the js/scripts.php script before using it in a PHP include function call. An attacker can exploit this issue t...

5.8 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2011/01/18 12:0 a.m. | 258 views

BlogEngine.NET api/BlogImporter.asmx GetFile Function Unauthorized Access

The web server hosts BlogEngine.NET, an open source .NET blogging project. An install of the software on the remote host allows unauthenticated access to the 'GetFile' function of the 'api/BlogImporter.asmx' script. An unauthenticated, remote attacker may be able to abuse this function to copy...

6.1 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2009/01/16 12:0 a.m. | 12 views

phpList <= 2.10.8 Variable Overwriting

The version of phpList installed on the remote host emulates PHP's 'register_globals' functionality insecurely in its 'admin/index.php' script. Provided PHP's 'register_globals' setting is disabled, an unauthenticated attacker can exploit this issue to overwrite the 'SERVERConfigFile' and...

5.9 AI score
Exploits: 0 | References: 4

Tenable Nessus
added 2008/01/30 12:0 a.m. | 39 views

SQLiteManager confirm.php spaw_root Parameter Remote File Inclusion

The remote host is running SQLiteManager, a web-based application for managing SQLite databases. The version of SQLiteManager installed on the remote host fails to sanitize user-supplied input to the 'spaw_root' parameter of the 'spaw/dialogs/confirm.php' script before using it to include PHP code...

9.3 CVSS | 6 AI score | 0.00836 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2006/11/14 12:0 a.m. | 47 views

MODx CMS base_path Parameter Remote File Inclusion

The remote web server is running MODx CMS, an open source content management system. The version of MODx CMS installed on the remote host fails to sanitize input to the 'base_path' parameter before using it in the 'manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php' script to includ...

5.1 CVSS | 6.1 AI score | 0.1146 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2006/08/25 12:0 a.m. | 709 views

phpCOIN Multiple Script _CCFG Parameter Remote File Inclusion

The remote host is running phpCOIN, a software package for web-hosting resellers to handle clients, orders, helpdesk queries, and the like. The version of phpCOIN installed on the remote host fails to sanitize input to the '_CCFG' array parameter before using it in several scripts to include PHP...

5.1 CVSS | 5.9 AI score | 0.08003 EPSS
Exploits: 2 | References: 3

Tenable Nessus
added 2006/07/12 12:0 a.m. | 667 views

SimpleBoard sbp Parameter Remote File Inclusion

Binary data 3684.prm...

6.8 CVSS | 7.3 AI score | 0.21612 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2006/07/11 12:0 a.m. | 422 views

Mambo phpBB Component download.php phpbb_root_path Parameter Remote File Inclusion

The remote host is running the phpBB component for Mambo, a web-based bulletin board. The version of the phpBB component for Mambo installed on the remote host fails to sanitize input to the 'phpbb_root_path' parameter of the 'download.php' and other scripts before using it to include PHP code...

6.8 CVSS | 6 AI score | 0.05053 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2006/06/05 12:0 a.m. | 42 views

Claroline Multiple Script includePath Parameter Remote File Inclusion

The remote host is running Claroline, an open source, web-based, collaborative learning environment written in PHP. The version of Claroline installed on the remote host fails to sanitize input to the 'includePath' parameter before using it to include PHP code in the...

5.1 CVSS | 6.2 AI score | 0.1465 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2006/05/25 12:0 a.m. | 23 views

Nucleus CMS PLUGINADMIN.php DIR_LIBS Parameter Remote File Inclusion

The remote host is running Nucleus CMS, an open source content management system. The version of Nucleus CMS installed on the remote host fails to sanitize input to the 'DIR_LIBS' parameter before using it in a PHP include function in the 'nucleus/libs/PLUGINADMIN.php' script. Provided PHP's...

5.1 CVSS | 6 AI score | 0.07115 EPSS
Exploits: 1 | References: 3

Tenable Nessus
added 2006/05/17 12:0 a.m. | 744 views

Squirrelcart cart_content.php cart_isp_root Parameter Remote File Inclusion

The remote host is running Squirrelcart, a shopping cart program written in PHP. The version of Squirrelcart installed on the remote host fails to sanitize user-supplied input to the 'cart_isp_root' parameter of the 'cart_content.php' script before using it to include PHP code. Provided PHP's...

6.4 CVSS | 6 AI score | 0.11099 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2006/05/15 12:0 a.m. | 860 views

ACal embed/day.php path Parameter Remote File Inclusion

The remote host is running ACal, an open source, web-based event calendar written in PHP. The version of ACal installed on the remote host fails to sanitize user-supplied input to the 'path' parameter of the 'embed/day.php' script before using it in PHP 'include' functions. Provided PHP's...

7.5 CVSS | 6.1 AI score | 0.16413 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2006/05/11 12:0 a.m. | 25 views

Stadtaus Gaestebuch-Script index.php include_files Parameter Remote File Inclusion

The remote host is running Stadtaus Gaestebuch-Script, a free guestbook written in PHP. The version of Gaestebuch-Script installed on the remote host fails to sanitize input to the 'include_files' array parameter before using it in a PHP 'include' function in various scripts. Provided PHP's...

6.4 CVSS | 6.2 AI score | 0.00596 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2006/05/03 12:0 a.m. | 941 views

Limbo CMS sql.php classes_dir Parameter Remote File Inclusion

The remote host is running Limbo CMS, a content-management system written in PHP. The version of Limbo CMS installed on the remote host fails to sanitize user-supplied input to the 'classes_dir' parameter of the 'classes/adodbt/sql.php' script before using it in PHP 'include_once' functions. Provid...

6.4 CVSS | 5.9 AI score | 0.08969 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2006/04/16 12:0 a.m. | 48 views

Sphider configset.php settings_dir Parameter Remote File Inclusion

The remote host is running Sphider, an open source web spider and search engine written in PHP. The version of Sphider installed on the remote host fails to sanitize user-supplied input to the 'settings_dir' parameter of the 'admin/configset.php' script before using it in a PHP 'include' function...

5.1 CVSS | 6 AI score | 0.07229 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2006/04/05 12:0 a.m. | 22 views

AngelineCMS loadkernel.php installPath Parameter Remote File Inclusion

The remote host is running AngelineCMS, an open source content management system written in PHP. The version of AngelineCMS installed on the remote host fails to sanitize user-supplied input to the 'installPath' parameter of the '/kernel/loadkernel.php' script before using it in a PHP 'includeonc...

7.5 CVSS | 5.9 AI score | 0.0113 EPSS
Exploits: 1 | References: 2

OpenVAS
added 2006/03/26 12:0 a.m. | 25 views

Mantis File Inclusion and SQL Injection Flaws

The remote web server contains a PHP application that is affected by multiple flaws. Description: The remote version of Mantis suffers from a remote file inclusion vulnerability. Provided PHP's 'register_globals' setting is enabled, an attacker may be able to leverage this issue to read arbitrary...

7.5 CVSS | 0.2 AI score | 0.0697 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2006/02/15 12:0 a.m. | 65 views

dotProject Multiple Scripts Remote File Inclusion

The remote host is running dotProject, a web-based, open source, project management application written in PHP. The installed version of dotProject fails to sanitize input to various parameters and scripts before using it to include PHP code. Provided PHP's 'register_globals' setting is enabled, a...

7.5 CVSS | 6 AI score | 0.11232 EPSS
Exploits: 3 | References: 6

Tenable Nessus
added 2006/01/10 12:0 a.m. | 236 views

AppServ appserv/main.php appserv_root Parameter Remote File Inclusion

The remote host appears to be running AppServ, a compilation of Apache, PHP, MySQL, and phpMyAdmin for Windows and Linux. The version of AppServ installed on the remote host fails to sanitize user-supplied input to the 'appserv_root' parameter of the 'appserv/main.php' script before using it in a...

5 CVSS | 5.7 AI score | 0.042 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2005/11/16 12:0 a.m. | 15 views

CodeGrrl Applications Remote File Inclusion Vulnerabilities

The remote host appears to be running at least one of the PHP applications from CodeGrrl - PHPCalendar, PHPClique, PHPFanBase, or PHPQuotes. Under certain conditions, these applications fail to sanitize input to the 'siteurl' parameter of the 'protection.php' script before using it in a PHP...

5 CVSS | 5.9 AI score | 0.08978 EPSS
Exploits: 0 | References: 2