CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2007(File Inclusion)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2007-4763 94 Exec Code File Inclusion 2007-09-08 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in dbmodules/DB_adodb.class.php in PHP Object Framework (PHPOF) 20040226 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPOF_INCLUDE_PATH parameter.
152 CVE-2007-4757 20 Exec Code File Inclusion 2007-09-08 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in menu.php in phpMytourney allows remote attackers to execute arbitrary PHP code via a URL in the functions_file parameter.
153 CVE-2007-4744 94 Exec Code File Inclusion 2007-09-06 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PREFIX parameter.
154 CVE-2007-4738 94 Exec Code File Inclusion 2007-09-06 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
155 CVE-2007-4737 94 Exec Code File Inclusion 2007-09-06 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php.
156 CVE-2007-4715 94 Exec Code File Inclusion 2007-09-05 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Weblogicnet allow remote attackers to execute arbitrary PHP code via a URL in the files_dir parameter in (1) es_desp.php, (2) es_custom_menu.php, and (3) es_offer.php.
157 CVE-2007-4712 94 Exec Code File Inclusion 2007-09-05 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in eNetman 1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
158 CVE-2007-4636 20 Exec Code File Inclusion 2007-08-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php, (2) intern/admin/, (3) intern/clan/member_add.php, (4) intern/config/key_2.php, or (5) intern/config/forum.php.
159 CVE-2007-4608 94 Exec Code File Inclusion 2007-08-31 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in protection.php in ePersonnel RC_2004_02 allows remote attackers to execute arbitrary PHP code via a URL in the logout_page parameter.
160 CVE-2007-4606 94 Exec Code File Inclusion 2007-08-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in convert/mvcw_conver.php in the Virtual War (VWar) module for PHPNuke-Clan (PNC) 4.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1602. NOTE: it is possible that this issue stems from a problem in VWar itself.
161 CVE-2007-4605 94 Exec Code File Inclusion 2007-08-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747.
162 CVE-2007-4551 94 Exec Code File Inclusion 2007-08-28 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter.
163 CVE-2007-4525 94 Exec Code File Inclusion 2007-08-25 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function.
164 CVE-2007-4524 Exec Code File Inclusion 2007-08-25 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in adisplay.php in PhPress 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
165 CVE-2007-4486 Exec Code File Inclusion 2007-08-22 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in index.php in Linkliste 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) styl[top], (2) url_eintrag, or (3) styl[themen] parameter.
166 CVE-2007-4485 Exec Code File Inclusion 2007-08-22 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in visitor.php in Butterfly online visitors counter 1.08, when used with certain older versions of PHP with improper SERVER superglobal handling, allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Butterfly online visitors counter.
167 CVE-2007-4484 Exec Code File Inclusion 2007-08-22 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in login.php in My_REFERER 1.08 allows remote attackers to execute arbitrary PHP code via a URL in the value parameter.
168 CVE-2007-4458 94 Exec Code File Inclusion 2007-08-21 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/class/class_tpl.php in Firesoft allows remote attackers to execute arbitrary PHP code via a URL in the cache_file parameter.
169 CVE-2007-4439 Exec Code File Inclusion 2007-08-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in popup_window.php in Squirrelcart 1.x.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_isp_root parameter, probably related to cart.php.
170 CVE-2007-4384 Exec Code File Inclusion 2007-08-17 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in Stephane Pineau VOTE 1c allow remote attackers to execute arbitrary PHP code via a URL in the (1) NomVote and (2) FilePalHex parameters.
171 CVE-2007-4383 Exec Code File Inclusion 2007-08-17 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in tracking.php in Trackeur 1 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: CVE and a third party dispute this vulnerability because header is defined before use. The researcher is known to be unreliable.
172 CVE-2007-4342 94 Exec Code File Inclusion 2007-08-14 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include.php in PHPCentral Login 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: a third party disputes this vulnerability because of the special nature of the SERVER superglobal array.
173 CVE-2007-4341 Exec Code File Inclusion 2007-08-14 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in adm/my_statistics.php in Omnistar Lib2 PHP 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
174 CVE-2007-4340 Exec Code File Inclusion 2007-08-14 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the dvd_config_file parameter.
175 CVE-2007-4339 94 Exec Code File Inclusion 2007-08-14 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll Script 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter in (1) poll.php and (2) pollarchive.php. NOTE: a reliable third party states that this issue is resultant from a variable extraction error in functions.php.
176 CVE-2007-4331 XSS File Inclusion 2007-08-14 2018-10-15
4.3
None Remote Medium Not required None Partial None
PHP remote file inclusion vulnerability in index.php in FindNix allows remote attackers to include the contents of arbitrary URLs and conduct cross-site scripting (XSS) attacks via a URL in the page parameter.
177 CVE-2007-4330 Exec Code File Inclusion 2007-08-14 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
178 CVE-2007-4329 Exec Code File Inclusion 2007-08-14 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php, or (3) feed.php.
179 CVE-2007-4328 94 Exec Code File Inclusion 2007-08-14 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder Galerie 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) galerie.php, or (3) anzagien.php. NOTE: A later report states that 1.1 is also affected, but that the filename for vector 3 is anzeigen.php.
180 CVE-2007-4327 Exec Code File Inclusion 2007-08-14 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in File Uploader 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php or (2) datei.php.
181 CVE-2007-4326 Exec Code File Inclusion 2007-08-14 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) gruppen.php, (2) bild.php, (3) feed.php, (4) mitglieder.php, (5) online.php, (6) profil.php, and possibly other unspecified PHP scripts.
182 CVE-2007-4325 Exec Code File Inclusion 2007-08-14 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter.
183 CVE-2007-4320 Exec Code File Inclusion 2007-08-14 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/addons/archive/archive.php in Ncaster 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.
184 CVE-2007-4313 Exec Code File Inclusion 2007-08-13 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in public_includes/pub_blocks/activecontent.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter, a different vector than CVE-2006-2392, CVE-2006-3076, and CVE-2006-6958.
185 CVE-2007-4290 94 Exec Code File Inclusion 2007-08-09 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or (8) settings.php in admin/. NOTE: a third party disputes this vulnerability, noting that these scripts defend against direct requests.
186 CVE-2007-4287 Exec Code File Inclusion 2007-08-09 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in fc_functions/fc_example.php in FishCart 3.2 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the docroot parameter.
187 CVE-2007-4283 Exec Code File Inclusion 2007-08-09 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.
188 CVE-2007-4279 Exec Code File Inclusion 2007-08-09 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter.
189 CVE-2007-4244 94 Exec Code File Inclusion 2007-08-08 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter.
190 CVE-2007-4235 Exec Code File Inclusion 2007-08-08 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php.
191 CVE-2007-4232 Exec Code File Inclusion 2007-08-08 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/inc/change_action.php in Andreas Robertz PHPNews 0.93 allows remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter.
192 CVE-2007-4231 Exec Code File Inclusion 2007-08-08 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in order/login.php in IDevSpot PhpHostBot 1.06 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the svr_rootscript parameter, a different vector than CVE-2007-4094 and CVE-2006-3776.
193 CVE-2007-4186 Exec Code File Inclusion 2007-08-08 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin.tour_toto.php in the Tour de France Pool (com_tour_toto) 1.0.1 module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
194 CVE-2007-4181 Exec Code File Inclusion 2007-08-08 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request.
195 CVE-2007-4170 Exec Code File Inclusion 2007-08-07 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) include parameter to (a) Main.php and (b) get.php and the (2) exec parameter to (c) count.php.
196 CVE-2007-4169 94 Exec Code File Inclusion 2007-08-07 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in vgallite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dirpath parameter to _functions.php or the (2) lang parameter to index.php. NOTE: CVE disputes vector 1 because the applicable include_once is located in a function that is not called on a direct request, and because $dirpath is an argument to this function. CVE disputes vector 2 because "lang" is a constant string within an include_once, not a variable. The researcher is also unreliable.
197 CVE-2007-4167 Exec Code File Inclusion 2007-08-07 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in cat_viewed.php in AL-Caricatier 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the CatName parameter.
198 CVE-2007-4127 Exec Code File Inclusion 2007-08-01 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in check_entry.php in Ralf Image Gallery (RIG), aka Raphael Moll RIG Image Gallery, 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir_abs_src parameter. NOTE: this issue is disputed by multiple third parties, who report that the product exits if register_globals is enabled, thereby blocking exploitation. NOTE: CVE-2006-3210.a covers this issue in versions before 1.0.
199 CVE-2007-4120 Exec Code File Inclusion 2007-08-01 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.php, and the (3) specialtemplates parameter to includes/functions_forumdisplay.php. NOTE: this issue is disputed by a reliable third party who states "further investigation has revealed that the application is not vulnerable to this issue." The original researcher also has a history of erroneous claims.
200 CVE-2007-4118 Exec Code File Inclusion 2007-08-01 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/functions.inc.php in phpVoter 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.
Total number of vulnerabilities : 700   Page : 1 2 3 4 (This Page)5 6 7 8 9 10 11 12 13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.