CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2007 (File Inclusion)

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
251 CVE-2007-3084 Exec Code File Inclusion 2007-06-06 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter, a different vector than CVE-2006-5441.
252 CVE-2007-3081 Exec Code File Inclusion 2007-06-06 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in sampleecommerce.php in Comdev eCommerce 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
253 CVE-2007-3066 Exec Code File Inclusion 2007-06-06 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) view.inc.php, (2) users.inc.php, (3) updatecms.inc.php, and (4) polls.inc.php in inc/; and other unspecified files, different vectors than CVE-2006-3983.
254 CVE-2007-3058 Exec Code File Inclusion 2007-06-06 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than CVE-2007-2826. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
255 CVE-2007-3057 Exec Code File Inclusion 2007-06-06 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.
256 CVE-2007-2986 Exec Code File Inclusion 2007-06-01 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in lib/live_status.lib.php in AdminBot MX 9.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter.
257 CVE-2007-2969 Exec Code File Inclusion 2007-06-01 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the waroot parameter.
258 CVE-2007-2947 Exec Code File Inclusion 2007-05-31 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php.
259 CVE-2007-2943 Exec Code File Inclusion 2007-05-31 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
260 CVE-2007-2941 Exec Code File Inclusion 2007-05-31 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php.
261 CVE-2007-2940 Exec Code File Inclusion 2007-05-31 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php.
262 CVE-2007-2939 Exec Code File Inclusion 2007-05-31 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/.
263 CVE-2007-2937 Exec Code File Inclusion 2007-05-31 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter.
264 CVE-2007-2936 Exec Code File Inclusion 2007-05-31 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php.
265 CVE-2007-2900 94 Exec Code File Inclusion 2007-05-30 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/.
266 CVE-2007-2891 Exec Code File Inclusion 2007-05-30 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php.
267 CVE-2007-2861 Exec Code File Inclusion 2007-05-24 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Simple Accessible XHTML Online News (SAXON) 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) news.php, (2) preview.php, or (3) archive-display.php.
268 CVE-2007-2859 Exec Code File Inclusion 2007-05-24 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbitrary PHP code via a URL in the path_simpgb parameter to (1) guestbook.php, (2) search.php, (3) mailer.php, (4) avatars.php, (5) ccode.php, (6) comments.php, (7) emoticons.php, (8) gbdownload.php, and possibly other PHP scripts.
269 CVE-2007-2857 Exec Code File Inclusion 2007-05-24 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Excel Parser Pro 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the parser_path parameter.
270 CVE-2007-2826 94 Exec Code File Inclusion 2007-05-22 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter.
271 CVE-2007-2816 94 Exec Code File Inclusion 2007-05-22 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1_top.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1_left.php, and (13) frames1_center.php in themes/.
272 CVE-2007-2793 Exec Code File Inclusion 2007-05-22 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_system] parameter.
273 CVE-2007-2779 Exec Code File Inclusion 2007-05-21 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in template_csv.php in Libstats 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rInfo[content] parameter.
274 CVE-2007-2774 Exec Code File Inclusion 2007-05-21 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) _connect.php or (2) modules/startup.php.
275 CVE-2007-2762 Exec Code File Inclusion 2007-05-18 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Build it Fast (bif3) 0.4.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the pear_dir parameter to Base/Application.php, or the (2) sys_dir parameter to (a) Footer.php, (b) widget.BifContainer.php, (c) widget.BifRoot.php, (d) widget.BifRoot2.php, (e) widget.BifRoot3.php, or (f) widget.BifWarning.php in Widgets/Base/.
276 CVE-2007-2751 Exec Code File Inclusion 2007-05-17 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter to (1) admin/inc/change_action.php or (2) admin/inc/add.php.
277 CVE-2007-2743 Exec Code File Inclusion 2007-05-17 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter.
278 CVE-2007-2736 Exec Code File Inclusion 2007-05-17 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
279 CVE-2007-2710 Exec Code File Inclusion 2007-05-16 2012-11-06
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2.00-P00 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][IT] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
280 CVE-2007-2709 Exec Code File Inclusion 2007-05-16 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2005 2.00 allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][physical] parameter.
281 CVE-2007-2708 Exec Code File Inclusion 2007-05-16 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in newsadmin.php in Feindt Computerservice News (News-Script) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
282 CVE-2007-2707 Exec Code File Inclusion 2007-05-16 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter.
283 CVE-2007-2706 Exec Code File Inclusion 2007-05-16 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter.
284 CVE-2007-2679 Exec Code File Inclusion 2007-05-15 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
PHP file inclusion vulnerability in index.php in Ivan Peevski gallery 0.3 in Simple PHP Scripts (sphp) allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the gallery parameter, which is accessed by the file_exists function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
285 CVE-2007-2677 Exec Code File Inclusion 2007-05-14 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php.
286 CVE-2007-2676 Exec Code File Inclusion 2007-05-14 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter.
287 CVE-2007-2665 Exec Code File Inclusion 2007-05-14 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter.
288 CVE-2007-2664 Exec Code File Inclusion 2007-05-14 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function.
289 CVE-2007-2663 Exec Code File Inclusion 2007-05-14 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter.
290 CVE-2007-2660 Exec Code File Inclusion 2007-05-14 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199.
291 CVE-2007-2634 Exec Code File Inclusion 2007-05-13 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in common/errormsg.php in aForum 1.32 and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
292 CVE-2007-2628 Exec Code File Inclusion 2007-05-11 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/logout.php in Justin Koivisto SecurityAdmin for PHP (aka PHPSecurityAdmin, PSA) 4.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter.
293 CVE-2007-2620 Exec Code File Inclusion 2007-05-11 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub Steiner (aka jimmac) original 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the x[1] parameter.
294 CVE-2007-2615 Exec Code File Inclusion 2007-05-11 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/db.php, and (3) libs/ftp.php.
295 CVE-2007-2614 Exec Code File Inclusion 2007-05-11 2018-10-16
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in examples/widget8.php in phpHtmlLib 2.4.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter.
296 CVE-2007-2611 Exec Code File Inclusion 2007-05-11 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3) login.php, and (4) logingecon.php in inc/; and multiple unspecified files in frm/, sql/, and cns/.
297 CVE-2007-2609 94 Exec Code File Inclusion 2007-05-11 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php.
298 CVE-2007-2608 Exec Code File Inclusion 2007-05-11 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter.
299 CVE-2007-2607 Exec Code File Inclusion 2007-05-11 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the views_path parameter.
300 CVE-2007-2597 Exec Code File Inclusion 2007-05-11 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1.3.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) ordnertiefe parameter to site_conf.php; or the (2) tt_docroot parameter to (a) class.csv.php, (b) produkte_nach_serie.php, or (c) ref_kd_rubrik.php in functionen/; (d) hg_referenz_jobgalerie.php, (e) surfer_anmeldung_NWL.php, (f) produkte_nach_serie_alle.php, (g) surfer_aendern.php, (h) ref_kd_rubrik.php, or (i) referenz.php in module/; or (j) 1/lay.php or (k) 3/lay.php in standard/.
Total number of vulnerabilities: 700. Page 6 of 14.