-
Secunia Advisory 21817
MyABraCaDaWeb "base" File Inclusion Vulnerabilities
- Criticality: High
- Description: ERNE has reported some vulnerabilities in MyABraCaDaWeb, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "base" parameter in index.php and pop.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local and external resources.
- Secunia Advisory: http://secunia.com/advisories/21817/
-
Secunia Advisory 21833
RaidenHTTPD "SoftParserFileXml" File Inclusion Vulnerability
- Criticality: High
- Description: rgod has discovered a vulnerability in RaidenHTTPD, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "SoftParserFileXml" parameter in raidenhttpd-admin/slice/check.php is not verified before being used to include files. This can be exploited to execute arbitrary PHP code by calling the script directly and including a file from a local or external resource.
- Secunia Advisory: http://secunia.com/advisories/21833/
-
Secunia Advisory 21842
Mandriva update for php
- Criticality: High
- Description: Mandriva has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, or by malicious people to potentially compromise a vulnerable system.
- Secunia Advisory: http://secunia.com/advisories/21842/
-
Secunia Advisory 21850
mcGalleryPRO "path_to_folder" File Inclusion Vulnerability
- Criticality: High
- Description: Solpot has reported a vulnerability in mcGalleryPRO, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "path_to_folder" parameter in random2.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
- Secunia Advisory: http://secunia.com/advisories/21850/
-
Secunia Advisory 21855
Vivvo Article Management CMS SQL Injection and File Inclusion
- Criticality: High
- Description: MercilessTurk has reported some vulnerabilities in Vivvo Article Management CMS, which can be exploited by malicious people to conduct SQL injection attacks and to compromise a vulnerable system.
- Secunia Advisory: http://secunia.com/advisories/21855/
-
Secunia Advisory 21857
Socketwiz Bookmarks "root_dir" File Inclusion Vulnerability
- Criticality: High
- Description: Kacper has reported a vulnerability in Socketwiz Bookmarks, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "root_dir" parameter in smarty_config.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
- Secunia Advisory: http://secunia.com/advisories/21857/
