CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2007(File Inclusion)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-1133 Exec Code File Inclusion 2007-02-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter.
2 CVE-2007-1131 Exec Code File Inclusion 2007-02-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.
3 CVE-2007-1130 Exec Code File Inclusion 2007-02-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.
4 CVE-2007-1123 Exec Code File Inclusion 2007-02-27 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the body parameter to templates/ZPanelV2/template.php or (2) the page parameter to zpanel.php. NOTE: the zpanel.php vector may overlap CVE-2005-0793.2. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
5 CVE-2007-1118 Exec Code File Inclusion 2007-02-27 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php.
6 CVE-2007-1108 Exec Code File Inclusion 2007-02-26 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action.
7 CVE-2007-1106 Exec Code File Inclusion 2007-02-26 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
8 CVE-2007-1105 Exec Code File Inclusion 2007-02-26 2017-10-11
5.0
None Remote Low Not required None Partial None
PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
9 CVE-2007-1104 Exec Code File Inclusion 2007-02-26 2017-10-11
4.3
None Remote Medium Not required None Partial None
PHP remote file inclusion vulnerability in top.php in PHP Module Implementation (PHP-MIP) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the laypath parameter.
10 CVE-2007-1078 94 Exec Code File Inclusion 2007-02-22 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in FlashGameScript 1.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the func parameter.
11 CVE-2007-1060 Exec Code File Inclusion 2007-02-22 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_fopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/.
12 CVE-2007-1059 Exec Code File Inclusion 2007-02-22 2017-10-19
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in function.php in Ultimate Fun Book 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad parameter. NOTE: some sources mention "Ultimate Fun Board," but this appears to be an error.
13 CVE-2007-1053 Exec Code File Inclusion 2007-02-21 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php.
14 CVE-2007-1052 Exec Code File Inclusion 2007-02-21 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation.
15 CVE-2007-1048 Exec Code File Inclusion 2007-02-21 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin_rebuild_search.php in phpbb_wordsearch allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
16 CVE-2007-1025 Exec Code File Inclusion 2007-02-21 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in inc/functions_inc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad, or possibly script_pfad, parameter.
17 CVE-2007-1024 Exec Code File Inclusion 2007-02-21 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter.
18 CVE-2007-1018 Exec Code File Inclusion 2007-02-21 2008-11-15
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
19 CVE-2007-1017 Exec Code File Inclusion 2007-02-21 2017-10-11
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in show_news_inc.php in VirtualSystem VS-News-System 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter.
20 CVE-2007-1013 Exec Code File Inclusion 2007-02-21 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter.
21 CVE-2007-1011 Exec Code File Inclusion 2007-02-21 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter.
22 CVE-2007-1010 Exec Code File Inclusion 2007-02-21 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the zf_path parameter to (1) aggregator.php and (2) controller.php in newsfeeds/includes/.
23 CVE-2007-0986 94 Exec Code File Inclusion 2007-02-16 2018-10-16
5.1
None Remote High Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter.
24 CVE-2007-0983 94 Exec Code File Inclusion 2007-02-16 2017-10-19
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in _admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Root_To_Script parameter.
25 CVE-2007-0900 Exec Code File Inclusion 2007-02-13 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249.
26 CVE-2007-0881 Exec Code File Inclusion 2007-02-12 2017-10-19
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in the Seitenschutz plugin for OPENi-CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the (1) config[oi_dir] and possibly (2) config[openi_dir] parameters to open-admin/plugins/site_protection/index.php. NOTE: vector 2 might be the same as CVE-2006-4750.
27 CVE-2007-0867 Exec Code File Inclusion 2007-02-09 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in classes/menu.php in Site-Assistant 0990 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the paths[version] parameter.
28 CVE-2007-0863 Exec Code File Inclusion 2007-02-09 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: his issue has been disputed by reliable third parties, who state that the variable is set before use in config.php.
29 CVE-2007-0862 94 Exec Code File Inclusion 2007-02-09 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the GNP_REAL_PATH parameter. NOTE: CVE and a third party dispute this issue, since GNP_REAL_PATH is a constant, not a variable.
30 CVE-2007-0861 Exec Code File Inclusion 2007-02-09 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in modules/mail/index.php in phpCOIN RC-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CCFG['_PKG_PATH_MDLS'] parameter. NOTE: this issue has been disputed by a reliable third party, who states that a fatal error occurs before the relevant code is reached.
31 CVE-2007-0860 Exec Code File Inclusion 2007-02-09 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in local Calendar System 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) TEMPLATE_DIR parameter to (a) showinvoices.php, (b) showmonth.php, (c) showevents.php, (d) retrieveinvoice.php, (e) modifyitem.php, and (f) lookup_userid.php; or the LIBDIR parameter to (g) editevent.php, (h) resetpassword.php, (i) signup.php, showmonth.php, (j) showday.php, showevents.php, and lookup_userid.php. NOTE: this issue has been disputed by a third party, who states that the associated variables are set in config.php before use.
32 CVE-2007-0854 94 Exec Code File Inclusion 2007-02-08 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents.
33 CVE-2007-0848 Exec Code File Inclusion 2007-02-08 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in classes/class_mail.inc.php in Maian Recipe 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.
34 CVE-2007-0839 Exec Code File Inclusion 2007-02-08 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in index/index_album.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) P_LIB and (2) P_INDEX parameters.
35 CVE-2007-0837 Exec Code File Inclusion 2007-02-08 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in examples/inc/top.inc.php in AgerMenu 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
36 CVE-2007-0831 94 Exec Code File Inclusion 2007-02-07 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Atsphp 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the CONF[path] parameter to (1) index.php, (2) sources/usercp.php, or (3) sources/admin.php. NOTE: Another researcher has disputed this vulnerability, noting that CONF[path] is defined before use in index.php, that CONF[path] inclusion cannot occur through a direct request to other affected files, and that usercp.php is a typo of user_cp.php.
37 CVE-2007-0828 Exec Code File Inclusion 2007-02-07 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in affichearticles.php3 in MySQLNewsEngine allows remote attackers to execute arbitrary PHP code via a URL in the newsenginedir parameter.
38 CVE-2007-0824 Exec Code File Inclusion 2007-02-07 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dateien[news] parameter.
39 CVE-2007-0820 Exec Code File Inclusion 2007-02-07 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to execute arbitrary PHP code via a URL in the chemin parameter to (1) mod_news/index.php, (2) mod_news/goodies.php, or (3) mod_search/index.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
40 CVE-2007-0810 Exec Code File Inclusion 2007-02-07 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog.
41 CVE-2007-0809 Exec Code File Inclusion 2007-02-07 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/class_template.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
42 CVE-2007-0808 Exec Code File Inclusion 2007-02-07 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script.
43 CVE-2007-0797 Exec Code File Inclusion 2007-02-06 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in theme/settings.php in bluevirus-design SMA-DB 0.3.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pfad_z parameter.
44 CVE-2007-0795 Exec Code File Inclusion 2007-02-06 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php.
45 CVE-2007-0793 Exec Code File Inclusion 2007-02-06 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter.
46 CVE-2007-0787 Exec Code File Inclusion 2007-02-06 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in controller.php in Simple Invoices before 20070202 allows remote attackers to execute arbitrary PHP code via a URL in the (1) module or (2) view parameter. NOTE: some of these details are obtained from third party information.
47 CVE-2007-0785 Exec Code File Inclusion 2007-02-06 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in previewtheme.php in Flipsource Flip 2.01-final 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.
48 CVE-2007-0762 Exec Code File Inclusion 2007-02-06 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
49 CVE-2007-0761 Exec Code File Inclusion 2007-02-06 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter.
50 CVE-2007-0758 Exec Code File Inclusion 2007-02-06 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 allows remote attackers to execute arbitrary PHP code via a URL in the SRC attribute of an HTML element in the lang parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Total number of vulnerabilities : 85   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.