4 matches found
CVE-2007-6289
CVE-2007-6289 describes multiple PHP remote file inclusion vulnerabilities in SerWeb (versions 0.9.6 and later, and 2.0.0 dev1 and earlier). The flaw allows an attacker to execute arbitrary PHP code by supplying a URL in parameters such as _SERWEB[configdir] to load_lang.php, _SERWEB[functionsdir...
CVE-2007-3359
CVE-2007-3359 describes multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier. The flaw allows remote attackers to execute arbitrary PHP code by supplying a URL in the _SERWEB[serwebdir] parameter to either html/load_apu.php or html/mail_prepend.php. The vulnerability ori...
CVE-2007-3358
The CVE-2007-3358 entry affects SerWeb 0.9.6 and earlier, with a PHP remote file inclusion vulnerability in html/load_lang.php. The underlying flaw is that the _SERWEB[serwebdir] parameter can be used to supply a URL, allowing an attacker to execute arbitrary PHP code remotely. Connected sources ...
CVE-2007-6290
SERWeb 2.0.0 dev1 and earlier are affected by directory traversal in js/get_js.php. The vulnerability allows remote attackers to read arbitrary files by supplying .. in the (1) mod and (2) js parameters, due to underlying path traversal. Documented impact is reading files; no exploitation status ...