[CLOSE] OSVDB ID : 36442 - Disclosed: 2007-08-10

Description:

Php Blue Dragon CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'activecontent.php' script not properly sanitizing user input supplied to the 'vsDragonRootPath' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 36293 - Disclosed: 2007-06-24

Description:

(Description Provided by CVE) : SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action.

[CLOSE] OSVDB ID : 36315 - Disclosed: 2007-05-24

Description:

(Description Provided by CVE) : SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter.

[CLOSE] OSVDB ID : 30144 - Disclosed: 2006-10-31

Description:

Free File Hosting contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to login.php not properly sanitizing user input supplied to the 'AD_BODY_TEMP' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30145 - Disclosed: 2006-10-31

Description:

Free File Hosting contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to register.php not properly sanitizing user input supplied to the 'AD_BODY_TEMP' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30146 - Disclosed: 2006-10-31

Description:

Free File Hosting contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to send.php not properly sanitizing user input supplied to the 'AD_BODY_TEMP' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30160 - Disclosed: 2006-10-30

Description:

Spider Friendly for phpBB contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to admin/modules_data.php not properly sanitizing user input supplied to the 'phpbb_root_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30127 - Disclosed: 2006-10-28

Description:

Free Image Hosting contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to forgot_pass.php not properly sanitizing user input supplied to the 'AD_BODY_TEMP' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30143 - Disclosed: 2006-10-28

Description:

Free File Hosting contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to forgot_pass.php not properly sanitizing user input supplied to the 'AD_BODY_TEMP' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 29971 - Disclosed: 2006-10-26

Description:

MiniBB contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to bb_func_txt.php not properly sanitizing user input supplied to the 'pathToFiles' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 29899 - Disclosed: 2006-10-19

Description:

PH Pexplorer contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to explorer_load_lang.php not properly sanitizing user input supplied to the 'Language' cookie variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 36290 - Disclosed: 2006-10-08

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter.

[CLOSE] OSVDB ID : 29403 - Disclosed: 2006-10-01

Description:

BasiliX contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to settings.php3 not properly sanitizing user input supplied to the 'BSX_LIBDIR' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31097 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to DeleteProductPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31098 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to DeleteServerPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31099 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to DomainServicesPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31100 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to DomainsPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31101 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to EditProductPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31102 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to EditHostingServicePage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31103 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to EditPaymentPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31104 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to EditAccountPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31105 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to EditDomainPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31106 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to EditDomainServicePage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31107 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to LoginPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31108 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to IPManagerPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31109 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to InactiveAccountsPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31110 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to GenerateInvoicesPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31111 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to HomePage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31112 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to FulfilledOrdersPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31113 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to ExpiredDomainsPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31114 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to ExecuteOrderPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31115 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to EmailInvoicePage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31116 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to EditServerPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31117 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to LogPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31118 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to ModulesPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31119 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to NewAccountPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31120 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to NewDomainServicePage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31121 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to NewProductPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31122 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to OutstandingInvoicesPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 31123 - Disclosed: 2006-09-21

Description:

SolidState contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to PendingAccountsPage.class.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.