Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file inclusion vulnerabilities and exploits
(subscribe to this query)
760
VMScore
CVE-2006-5291
PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote malicious users to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third part...
Alex Downloadengine 1.4.2
2 EDB exploits
760
VMScore
CVE-2005-0859
PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote malicious users to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is l...
Czaries Network Czarnews 1.13b
2 EDB exploits
685
VMScore
CVE-2008-2982
Multiple directory traversal vulnerabilities in HomePH Design 2.10 RC2, when register_globals is enabled, allow remote malicious users to include and execute arbitrary local files via directory traversal sequences in the (1) thumb_template parameter to (a) admin/templates/templat...
Homeph Design Homeph Design 2.10
1 EDB exploit
585
VMScore
CVE-2011-1099
Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls prior to 1.0.2 allow remote malicious users to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p par...
Focalmedia.net Quick Polls
1 EDB exploit
685
VMScore
CVE-2008-2981
PHP remote file inclusion vulnerability in admin/templates/template_thumbnail.php in HomePH Design 2.10 RC2, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the thumb_template parameter.
Homeph Design Homeph Design 2.10
1 EDB exploit
505
VMScore
CVE-2014-5465
Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and previous versions for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter.
Werdswords Download Shortcode 0.2
Werdswords Download Shortcode 0.1
Werdswords Download Shortcode
Werdswords Download Shortcode 0.2.2
1 EDB exploit
760
VMScore
CVE-2007-4551
PHP remote file inclusion vulnerability in index.php in Agares Media Arcadem 2.01 allows remote malicious users to execute arbitrary PHP code via a URL in the loadpage parameter.
Agares Media Arcadem 2.0.1
2 EDB exploits
755
VMScore
CVE-2009-4541
Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote malicious users to execute arbitrary PHP code via a URL in the lang parameter to (1) newticket.php or (2) rempass.php, or a URL in the lang parameter in an adduser action to (3) index.p...
Isolsoft Support Center 2.5
1 EDB exploit
905
VMScore
CVE-2015-8358
Directory traversal vulnerability in the bitrix.mpbuilder module prior to 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php...
Bitrix Mpbuilder
1 EDB exploit
685
VMScore
CVE-2010-4330
Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic prior to 1.2.9 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php.
Pulsecms Pulse Cms
Pulsecms Pulse Cms 1.2.7
Pulsecms Pulse Cms 1.2
Pulsecms Pulse Cms 1.18
Pulsecms Pulse Cms 1.17
Pulsecms Pulse Cms 1.2.4
Pulsecms Pulse Cms 1.2.3
Pulsecms Pulse Cms 1.1
Pulsecms Pulse Cms 1.01
Pulsecms Pulse Cms 1.2.2
Pulsecms Pulse Cms 1.2.1
Pulsecms Pulse Cms 1.0
Pulsecms Pulse Cms 1.2.6
Pulsecms Pulse Cms 1.2.5
Pulsecms Pulse Cms 1.16
Pulsecms Pulse Cms 1.15
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »