Speedberg version 1.2beta1 is vulnerable to Remote File Inclusion. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, containing arbitrary code which is then executed on the vulnerable server. It is due to the application not properly sanitizing user-supplied input to the 'SPEEDBERG_PATH' parameter in multiple files.
Net_DNS is vulnerable to remote file inclusion due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. This URL can be used to execute arbitrary code on the vulnerable system.
A remote inclusion vulnerability was found in the MambWeather module, specifically in the file MambWeather/Savant2/Savant2_Plugin_options.php. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server, containing a malicious URL in the mosConfig_absolute_path parameter.
A remote file include vulnerability exists in the PHP Generator of Object SQL Database (PGOSD) script. The vulnerability is due to the 'path' parameter in the 'function.php3' script not being properly sanitized before it is used in an 'include' PHP function. This can be exploited to include arbitrary remote files by passing a URL in the 'path' parameter. Successful exploitation requires that 'register_globals' is set to 'on'.
Open Meetings Filing Application is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
A vulnerability in Virtual Law Office (VLO) allows remote attackers to execute arbitrary code by including a malicious file via the phpc_root_path parameter in a URL.
Kawf is a web forum written in PHP4 using MySQL v. 1.0 and all below. The vulnerability exists in the main.php file, where an attacker can inject malicious code via the srcroot parameter. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'rootpath' parameter of the '/lib/rs.php' script. A remote attacker can execute arbitrary PHP code on the vulnerable system by passing it via the 'rootpath' parameter.
The RSSonate application is vulnerable to remote command execution. An attacker can exploit this vulnerability by sending a maliciously crafted request to the vulnerable application. The vulnerable parameter is PROJECT_ROOT in xml2rss.php, config_local.php, rssonate.php, and sql2xml.php. The attacker can inject arbitrary commands into this parameter and execute them on the server.
An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The attacker can inject arbitrary SQL code in the vulnerable parameter 'qzid' of the 'quiz.php' script. This can be used to bypass authentication and to access, modify or delete data in the back-end database.