admin config settingstplphp software vulnerabilities
vulnerabilities.aspcode.net
Searching admin config settingstplphp software vulnerabilities
Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
PHP remote file include vulnerability in plog-admin-functions.php in Plogger Beta 2 allows remote attackers to execute arbitrary code via a URL in the config[basedir] parameter.
PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929.
Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[main_path] parameter in (1) functions.php, (2) template.php, (3) news.php, (4) help.php, (5) mail.php, (6) Admin/admin_cats.php, (8) Admin/admin_edit.php, (9) Admin/admin_import.php, and (10) Admin/admin_templates.php. NOTE: this might be resultant from a variable overwrite issue.
admin/cron.php in eSyndicat Directory 1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the path_to_config parameter.
Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before Tuesday, August 15, 2006 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config.
Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] parameter in (a) admin/autoprompter.php and (b) includes/common.inc.php, and the (2) CONFIG[LANGUAGE_CPATH] parameter in (c) admin/autoprompter.php.
PHP remote file inclusion vulnerability in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the config[openi_dir] parameter.
Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts.
Eazy Cart stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a customer database via a direct request for admin/config/customer.dat. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) index.php, (2) info.php; and (3) index.php, (4) votanti.php, (5) risultati_config.php, (6) modifica_band.php, (7) band_editor.php, and (8) config_editor.php in admin/.
Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the email parameter in (1) erreurinscription.php, (2) Templates/admin.dwt.php, (3) Templates/commun.dwt.php, (4) membre.dwt.php, and (5) admin/admin_config/Aide.php.
Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php.
Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php in Pagetool 1.07 allow remote attackers to execute arbitrary PHP code via (1) a local filename or FTP/share URI in the config_file parameter or (2) a URL in the ptconf[src] parameter.
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) phpAds_geoPlugin parameter to libraries/lib-remotehost.inc, the (2) filename parameter to admin/report-index, or the (3) phpAds_config[my_footer] parameter to admin/lib-gui.inc. NOTE: the vendor has disputed this issue, stating that the relevant variables are used within function definitions.
Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php.
nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/.
PHP remote file inclusion vulnerability in the Seitenschutz plugin for OPENi-CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the (1) config[oi_dir] and possibly (2) config[openi_dir] parameters to open-admin/plugins/site_protection/index.php. NOTE: vector 2 might be the same as CVE-2006-4750.
Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.
Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php, (2) intern/admin/, (3) intern/clan/member_add.php, (4) intern/config/key_2.php, or (5) intern/config/forum.php.
Software vulnerabilities results 1 to 20 of 864