3 matches found
CVE-2006-7056
CVE-2006-7056 describes multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier. The vulnerability allows remote attackers to execute arbitrary PHP code by supplying a URL in the path parameter to (1) functions.php and (2) members.php. The index.php vector is cov...
CVE-2006-0791
DreamCost HostAdmin (vulnerable up to 3.1 and earlier) is affected by a PHP remote file inclusion via index.php. The root cause is an uninitialized $path variable used by index.php, allowing an attacker to include arbitrary files. Related records note that the index.php vector is covered by CVE-2...
CVE-2008-6164
The CVE-2008-6164 entry concerns a cross-site scripting (XSS) flaw in DreamCost HostAdmin 3.1.1, exploitable via the page parameter in index.php. The vulnerability allows remote attackers to inject arbitrary web script or HTML. The available sources confirm the affected component and the attack v...