CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2007 (File Inclusion)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2007-5754 | 94 | | Exec Code File Inclusion | 2007-10-31 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in urlinn_includes/config.php in phpFaber URLInn 2.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the dir_ws parameter.
2 | CVE-2007-5721 | 94 | | Exec Code File Inclusion | 2007-10-30 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in _theme/breadcrumb.php in MySpacePros MySpace Resource Script (MSRS) 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the rootBase parameter.
3 | CVE-2007-5697 | 94 | | Exec Code File Inclusion | 2007-10-29 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in PHP Image 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the xarg parameter to (1) xarg_corner.php, (2) xarg_corner_bottom.php, and (3) xarg_corner_top.php.
4 | CVE-2007-5696 | 94 | | Exec Code File Inclusion | 2007-10-29 | 2018-10-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in includes.php in phpBasic allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, possibly related to the Music module.
5 | CVE-2007-5676 | 94 | | Exec Code File Inclusion | 2007-10-24 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in modules/Forums/favorites.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary PHP code via a URL in the nuke_bb_root_path parameter.
6 | CVE-2007-5641 | 94 | | Exec Code File Inclusion | 2007-10-23 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the full_path parameter to (1) certinfo/index.php, (2) emails/index.php, (3) events/index.php, (4) fax/index.php, (5) files/index.php, (6) files/list.php, (7) groupadm/index.php, (8) history/index.php, (9) info/index.php, (10) log/index.php, (11) mail/index.php, (12) messages/index.php, (13) organizations/index.php, (14) phones/index.php, (15) presence/index.php, (16) projects/index.php, (17) projects/summary.inc.php, (18) projects/list.php, (19) reports/index.php, (20) search/index.php, (21) snf/index.php, (22) syslog/index.php, (23) tasks/searchsimilar.php, (24) tasks/index.php, (25) tasks/summary.inc.php, and (26) useradm/index.php in modules; (27) /ajax/loadsplash.php; (28) /blocks/birthday.php; (29) /blocks/events.php; and (30) /blocks/help.php.
7 | CVE-2007-5631 | 94 | | Exec Code File Inclusion | 2007-10-23 | 2018-10-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the current_blockmodule_path parameter to (1) AudiosMediaGalleryModule/AudiosMediaGalleryModule.php, (2) ImagesMediaGalleryModule/ImagesMediaGalleryModule.php, (3) MembersFacewallModule/MembersFacewallModule.php, (4) NewestGroupsModule/NewestGroupsModule.php, (5) UploadMediaModule/UploadMediaModule.php, and (6) VideosMediaGalleryModule/VideosMediaGalleryModule.php in BetaBlockModules/; and (7) the path_prefix parameter to several components.
8 | CVE-2007-5628 | 94 | | Exec Code File Inclusion | 2007-10-23 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in src/scripture.php in The Online Web Library Site (TOWels) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the pageHeaderFile parameter.
9 | CVE-2007-5627 | 94 | | Exec Code File Inclusion | 2007-10-23 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in content/fnc-readmail3.php in SocketMail 2.2.8 allows remote attackers to execute arbitrary PHP code via a URL in the __SOCKETMAIL_ROOT parameter.
10 | CVE-2007-5600 | 94 | | Exec Code File Inclusion | 2007-10-19 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3) ssh2.sftp, or (4) ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https, and ftp URLs.
11 | CVE-2007-5599 | 94 | | Exec Code File Inclusion | 2007-10-19 | 2008-11-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) 404.php or (2) topbar.php, different vectors than CVE-2006-6368.
12 | CVE-2007-5592 | 94 | | Exec Code File Inclusion | 2007-10-19 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Setting[OPT_includepath] parameter to (1) adminhelp.php; and (2) admin.incl.php, (3) reg.incl.php, (4) help.incl.php, (5) gbook.incl.php, and (6) core/core.incl.php in modules/.
13 | CVE-2007-5574 | 94 | | Exec Code File Inclusion | 2007-10-18 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
14 | CVE-2007-5573 | 94 | | Exec Code File Inclusion | 2007-10-18 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
15 | CVE-2007-5567 | 94 | | Exec Code File Inclusion | 2007-10-18 | 2017-07-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in _lib/fckeditor/upload_config.php in Galmeta Post 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the DDS parameter.
16 | CVE-2007-5566 | 94 | | Exec Code File Inclusion | 2007-10-18 | 2008-11-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in PHPBlog 0.1 Alpha allow remote attackers to execute arbitrary PHP code via a URL in the blog_localpath parameter to (1) includes/functions.php or (2) includes/email.php. NOTE: this issue is disputed by CVE because the identified code is in functions that are not accessible via direct request.
17 | CVE-2007-5565 | 94 | | Exec Code File Inclusion | 2007-10-18 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
** DISPUTED ** PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE because the identified code is in a function that is not accessible via direct request.
18 | CVE-2007-5457 | 94 | | Exec Code File Inclusion | 2007-10-14 | 2018-10-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.
19 | CVE-2007-5451 | 94 | | Exec Code File Inclusion | 2007-10-14 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
20 | CVE-2007-5440 | 20 | | Exec Code File Inclusion | 2007-10-14 | 2018-10-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in CRS Manager allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) index.php or (2) login.php. NOTE: this issue is disputed by CVE, since DOCUMENT_ROOT cannot be modified by an attacker.
21 | CVE-2007-5418 | 94 | | Exec Code File Inclusion | 2007-10-12 | 2018-10-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) en_copyrite.php, (2) vi_copyrite.php, and (3) ar_copyrite.php in language/ directories; (4) class_access.php, (5) class_department.php, (6) class_config.php, (7) class_image.php, (8) class_ward.php, and (9) class_product.php in include/care_api_classes/; (10) gui/smarty_template/smarty_care.class.php; and possibly other components, different vectors than CVE-2007-1458.
22 | CVE-2007-5412 | 94 | | Exec Code File Inclusion | 2007-10-12 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 Allopass (com_mp3_allopass) 1.0 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter to (1) allopass.php and (2) allopass-error.php.
23 | CVE-2007-5410 | 94 | | Exec Code File Inclusion | 2007-10-12 | 2018-10-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
24 | CVE-2007-5409 | 94 | | Exec Code File Inclusion | 2007-10-12 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in admin/nuseo_admin_d.php in NuSEO PHP Enterprise 1.6 (NuSEO.PHP), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the nuseo_dir parameter.
25 | CVE-2007-5407 | 94 | | Exec Code File Inclusion | 2007-10-12 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in the JContentSubscription (com_jcs) 1.5.8 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) jcs.function.php; (2) add.php, (3) history.php, and (4) register.php, in view/; and (5) list.sub.html.php, (6) list.user.sub.html.php, and (7) reports.html.php in views/.
26 | CVE-2007-5390 | 94 | | Exec Code File Inclusion | 2007-10-12 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pagina parameter.
27 | CVE-2007-5389 | 94 | | Exec Code File Inclusion | 2007-10-12 | 2018-10-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
** DISPUTED ** PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because preview.php tests a certain constant to prevent direct requests.
28 | CVE-2007-5388 | 94 | | Exec Code File Inclusion | 2007-10-12 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) app parameter to apps/apps.php and the (2) wsk parameter to wsk/wsk.php.
29 | CVE-2007-5387 | 94 | | Exec Code File Inclusion | 2007-10-12 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in active/components/xmlrpc/client.php in Pindorama 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the c[components] parameter.
30 | CVE-2007-5363 | 94 | | Exec Code File Inclusion | 2007-10-11 | 2017-07-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
31 | CVE-2007-5362 | 94 | | Exec Code File Inclusion | 2007-10-11 | 2017-07-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2.
32 | CVE-2007-5315 | 94 | | Exec Code File Inclusion | 2007-10-09 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the livealbum_dir parameter.
33 | CVE-2007-5314 | 94 | | Exec Code File Inclusion | 2007-10-09 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter.
34 | CVE-2007-5313 | 94 | | Exec Code File Inclusion | 2007-10-09 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in install/config.php in Picturesolution 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
35 | CVE-2007-5310 | 94 | | Exec Code File Inclusion | 2007-10-09 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
36 | CVE-2007-5309 | 94 | | Exec Code File Inclusion | 2007-10-09 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
37 | CVE-2007-5305 | 94 | | Exec Code File Inclusion | 2007-10-09 | 2018-10-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e) commentaire.php, and (f) coeurusr.php in utilisateurs/, and (g) articles/fonctions.php and (h) depot/fonctions.php in moduleajouter/; the (3) corpsdesign parameter to (i) articles/usrarticles.php and (j) depot/usrdepot.php in moduleajouter/; and possibly other files.
38 | CVE-2007-5298 | 94 | | Exec Code File Inclusion | 2007-10-09 | 2018-10-15 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion allow remote attackers to execute arbitrary PHP code via a URL in the cfg[document_uri] parameter to (1) _administration/securite.php and (2) _administration/gestion_configurations/save_config.php.
39 | CVE-2007-5294 | 94 | | Exec Code File Inclusion | 2007-10-09 | 2018-10-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0-beta (aka Phoenix) allows remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter.
40 | CVE-2007-5271 | 94 | | Exec Code File Inclusion | 2007-10-08 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS 1.2 rev9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the bField[bf_data] parameter to (1) interface/editors/-custom.php or (2) interface/editors/custom.php.
41 | CVE-2007-5258 | 20 | | File Inclusion | 2007-10-06 | 2008-11-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha 0.2.0 allows remote attackers to include and execute arbitrary files via unspecified vectors. NOTE: the original disclosure is likely erroneous.
42 | CVE-2007-5234 | 94 | | Exec Code File Inclusion | 2007-10-05 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in upload/common/footer.php in Ossigeno CMS 2.2 alpha3 allows remote attackers to execute arbitrary PHP code via a URL in the level parameter.
43 | CVE-2007-5221 | 94 | | Exec Code File Inclusion | 2007-10-05 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in mail/childwindow.inc.php in Poppawid 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the form parameter.
44 | CVE-2007-5216 | 94 | | Exec Code File Inclusion | 2007-10-04 | 2008-11-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) the cfg_phpmailer_path parameter to src/email_inc.php. NOTE: the ark_inc.php vector is already covered by CVE-2006-6086.
45 | CVE-2007-5215 | 94 | | Exec Code File Inclusion | 2007-10-04 | 2008-11-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle GodSend 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the SCRIPT_DIR parameter to (1) gtk/main.inc.php or (2) cmdline.inc.php. NOTE: vector 2 is disputed by CVE because it is contained in unaccessible code, requiring that two undefined constants be equal.
46 | CVE-2007-5186 | 94 | | Exec Code File Inclusion | 2007-10-03 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8.4 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter, a different vector than CVE-2006-5497. NOTE: this issue was disputed, but the dispute was retracted after additional analysis.
47 | CVE-2007-5185 | 94 | | Exec Code File Inclusion | 2007-10-03 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 BETA and earlier allow remote attackers to execute arbitrary PHP code via a URL in the HTML_MENU_DirPath parameter to (1) config_HTML_MENU.php and (2) config_PHPLM.php in phpwcms_template/inc_script/frontend_render/navigation/.
48 | CVE-2007-5178 | 94 | | Exec Code File Inclusion | 2007-10-03 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter. NOTE: some sources incorrectly state that phpbb_root_path is the affected parameter.
49 | CVE-2007-5175 | 94 | | Exec Code File Inclusion | 2007-10-03 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in lib/base.php in actSite 1.991 Beta allows remote attackers to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter.
50 | CVE-2007-5173 | 94 | | Exec Code File Inclusion | 2007-10-03 | 2018-10-15 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.
Total number of vulnerabilities: 62 (page 1 of 2)