Searching inc software vulnerabilities

init.php in WebCalendar allows remote attackers

WebCalendar | attackers | arbitrary | parameter | user_inc | initphp | scripts | execute | remote | allows | local | PHP | via |

init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter.


SQL injection vulnerability in invoices.php in

vulnerability | invoicesphp | attackers | arbitrary | injection | parameter | commands | execute | Invoice | allows | remote | SQL | via | Inc |

SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a patah available. Please email support@ezinvoiceinc.com and EZI will email you the patch to fix this small issue."


CuteNews 1.4.1 allows remote attackers to obtai

CuteNews |

CuteNews 1.4.1 allows remote attackers to obtain sensitive information via a direct request to (1) /inc/show.inc.php or (2) /inc/functions.inc.php, which reveal the path in an error message.


PHP remote file inclusion vulnerability in Book

vulnerability | Bookmark4U | inclusion | remote | file | PHP |

PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | FlashChat | inclusion | Multiple | before | remote | file | PHP |

Multiple PHP remote file inclusion vulnerabilities in FlashChat before 4.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/cmses/aedatingCMS.php, (2) inc/cmses/aedatingCMS2.php, or (3) inc/cmses/aedating4CMS.php.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | attackers | inclusion | parameter | arbitrary | versions | dir[inc] | possibly | Multiple | AEDating | execute | earlier | remote | allow | code | file | PHP | via | URL |

Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php.


PHP remote file inclusion vulnerability in inc/

inc/settingsphp | vulnerability | inclusion | IncCMS | remote | file | Core | PHP |

PHP remote file inclusion vulnerability in inc/settings.php in IncCMS Core 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | inclusion | Multiple | WiClear | remote | file | PHP |

Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 allow remote attackers to execute arbitrary PHP code via the path parameter in (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (3) inc/lib/tools.lib.php, (4) tools/trackback/index.php, and (5) tools/utf8conversion/index.php in admin/; and (6) prepend.inc.php, (7) lib/boxes.lib.php, and (8) lib/history.lib.php in inc/.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | inclusion | Multiple | earlier | remote | MDweb | file | PHP |

Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and earlier (Mdweb132-postgres) allow remote attackers to execute arbitrary PHP code via a URL in the chemin_appli parameter in (1) admin/inc/organisations/form_org.inc.php and (2) admin/inc/organisations/country_insert.php.


** DISPUTED ** PHP remote file inclusion vulne

mybic_serverphp | vulnerability | inclusion | DISPUTED | My-BIC | remote | Plush | file | PHP | Jim |

** DISPUTED ** PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the INC_PATH parameter, a different vector than CVE-2006-5089. NOTE: this issue is disputed by CVE and third party researchers because INC_PATH is a constant.


PHP remote file inclusion vulnerability in inc/

inc/CONTROL/import/import-mtphp | vulnerability | b2evolution | inclusion | remote | file | PHP |

PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 through 1.9 beta allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.


PHP remote file inclusion vulnerability in inc/

inc/commonincphp | vulnerability | parameter | Epistemon | attackers | arbitrary | inclusion | inc_path | execute | remote | allows | code | file | PHP | via | URL |

PHP remote file inclusion vulnerability in inc/common.inc.php in Epistemon 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.


** DISPUTED ** SQL injection vulnerability in

GlobalMegaCorp | vulnerability | inc/commonphp | attackers | arbitrary | injection | parameter | DISPUTED | commands | execute | allows | remote | dvddb | user | SQL | via |

** DISPUTED ** SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function definitions.


inc/filebrowser/browser.php in deV!L`z Clanport

inc/filebrowser/browserphp | Clanportal | deVL`z |

inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | inclusion | attackers | arbitrary | parameter | root_path | Multiple | execute | remote | CARE2X | allow | file | code | PHP | via | URL |

Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) inc_checkdate_lang.php, (2) inc_charset_fx.php, (3) inc_config_color.php, (4) inc_currency_set.php, (5) inc_db_makelink.php, (6) inc_diagnostics_report_fx.php, (7) inc_environment_global.php, (8) inc_front_chain_lang.php, (9) inc_init_crypt.php, (10) inc_load_copyrite.php, or (11) inc_news_save.php in include/; (12) diagnostics-report-index.php, (13) config_options_mascot.php, (14) barcode-labels.php, (15) chg-color.php, or (16) config_options_gui_template.php in main/; or unspecified other files.


Directory traversal vulnerability in inc/lang.p

vulnerability | inc/langphp | Directory | traversal | sBLOG |

Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.


Multiple PHP remote file inclusion vulnerabilit

inc/include_allincphp | vulnerabilities | phporacleview | attackers | inclusion | arbitrary | Multiple | execute | remote | allow | code | file | URL | via | PHP |

Multiple PHP remote file inclusion vulnerabilities in inc/include_all.inc.php in phporacleview allow remote attackers to execute arbitrary PHP code via a URL in the (1) page_dir or (2) inc_dir parameters.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | format_menue | PHPGlossar | attackers | arbitrary | parameter | inclusion | Multiple | execute | remote | allow | file | code | PHP | via | URL |

Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter to (1) admin/inc/change_action.php or (2) admin/inc/add.php.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | inclusion | attackers | arbitrary | parameter | Multiple | doc_root | execute | SiteSys | remote | allow | code | file | PHP | URL | 10a | via |

Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) inc/pagehead.inc.php or (2) inc/pageinit.inc.php.


Software vulnerabilities results 1 to 20 of 180     
Page: 12345...10