Searching sb include path software vulnerabilities

PHP, when not configured with the "display_erro

"display_errors | configured | accessible | directive | attackers | physical | modifies | directly | trailing | produces | contains | request | setting | program | message | include | allows | remote | obtain | causes | phpini | error | which | slash | fail | path | Off" | base | file | PHP | not | via |

PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.


The ap_log_rerror function in Apache 2.0 throug

ap_log_rerror | function | through | Apache |

The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.


PHP file include injection vulnerability in ise

vulnerability | isearchincphp | isearch_path | arbitrary | attackers | parameter | injection | include | execute | iSearch | allows | remote | file | code | PHP | via |

PHP file include injection vulnerability in isearch.inc.php for iSearch allows remote attackers to execute arbitrary code via the isearch_path parameter.


Simple PHP Blog (sphpBlog) 0.4.0 allows remote

Simple | Blog | PHP |

Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message.


PHP remote file include vulnerability in Yawp l

vulnerability | include | library | remote | Yawp | file | PHP |

PHP remote file include vulnerability in Yawp library 1.0.6 and earlier, as used in YaWiki and possibly other products, allows remote attackers to include arbitrary files via the _Yawp[conf_path] parameter.


Multiple PHP file inclusion vulnerabilities in

vulnerabilities | inclusion | Multiple | MySource | file | PHP |

Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php.


PHP remote file inclusion vulnerability in comm

vulnerability | include_path | initialized | arbitrary | attackers | Ecommerce | Intensive | inclusion | commonphp | variable | include | before | remote | allows | being | which | iUser | Point | files | used | file | URL | via | PHP | not |

PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used.


Noah's Classifieds 1.3 allows remote attackers

classifieds/gorum/categoryphp | installation | demonstrated | Classifieds | attackers | request | include | direct | Noah's | obtain | allows | remote | files | path | via |

Noah's Classifieds 1.3 allows remote attackers to obtain the installation path via a direct request to include files, as demonstrated by classifieds/gorum/category.php.


Annuaire (Directory) 1.0 allows remote attacker

Annuaire |

Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive information via a direct request to include/lang-en.php, which reveals the full installation path.


PHP remote file inclusion vulnerability in incl

include/commonphp | vulnerability | include_path | parameter | attackers | arbitrary | inclusion | Platinum | I-Rater | execute | remote | allows | code | file | PHP | via | URL |

PHP remote file inclusion vulnerability in include/common.php in I-Rater Platinum allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.


PHP remote file include vulnerability in admin/

admin/config_settingstplphp | vulnerability | include_path | parameter | attackers | arbitrary | Platinum | include | execute | I-RATER | remote | allows | code | file | PHP | via | URL |

PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | 2006-07-14 | inclusion | MiniBill | Multiple | remote | file | PHP |

Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07-14 (1.2.2) allow remote attackers to execute arbitrary PHP code via (1) a URL in the config[include_dir] parameter in actions/ipn.php or (2) an FTP path in the config[plugin_dir] parameter in include/initPlugins.php.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | PHPmybibli | inclusion | Multiple | remote | file | PHP |

Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path, (2) javascript_path, and (3) include_path parameters in (a) cart.php; the (4) class_path parameter in (b) index.php; the (5) javascript_path parameter in (c) edit.php; the (6) include_path parameter in (d) circ.php; unspecified parameters in (e) select.php; and unspecified parameters in other files.


Monkey Boards 0.3.5 allows remote attackers to

Boards | Monkey |

Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message. NOTE: this issue is only an exposure if the administrator has changed the default script path.


PHP remote file inclusion vulnerability in incl

include/includesphp | vulnerability | inclusion | Bradabra | remote | file | PHP |

PHP remote file inclusion vulnerability in include/includes.php in Bradabra 2.0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.


admin.php in Coppermine Photo Gallery 1.4.10, a

Coppermine | adminphp | Gallery | Photo |

admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | Coppermine | inclusion | Multiple | Gallery | remote | Photo | file | PHP |

Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | inclusion | Multiple | Company | WebSite | Builder | remote | GraFX | file | PHP |

Multiple PHP remote file inclusion vulnerabilities in GraFX Company WebSite Builder (CWB) PRO 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter to (1) cls_headline_prod.php, (2) cls_listorders.php, or (3) cls_viewpastorders.php in include/, different vectors than CVE-2007-1513.


PHP remote file inclusion vulnerability in incl

include/loadingphp | vulnerability | Alessandro | inclusion | wavewoo | remote | Lulli | file | PHP |

PHP remote file inclusion vulnerability in include/loading.php in Alessandro Lulli wavewoo 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter.


PHP remote file inclusion vulnerability in incl

include/include_streamincphp | vulnerability | include_path | phpBrowse | attackers | parameter | arbitrary | inclusion | CodeWand | execute | remote | allows | code | file | PHP | via | URL |

PHP remote file inclusion vulnerability in include/include_stream.inc.php in CodeWand phpBrowse allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.


Software vulnerabilities results 1 to 20 of 1872     
Page: 12345...94