Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported to …
PHP remote file inclusion vulnerability in main.php in Ay System Solutions CMS 2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter. (CVSS:7.5) (Last Update:2017-07-19)
Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands. (CVSS:6.5) (Last Update:2017-07-19)
SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter. (CVSS:7.5) (Last Update:2017-07-19)
SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter. (CVSS:5.1) (Last Update:2015-05-13)
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php. (CVSS…
PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. (CVSS:7.5) (Last Update:2016-10-17)
SQL injection vulnerability in the Sections module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle op. (CVSS:7.5) (Last Update:2017-07-19)
Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when i…
PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3…