CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004(File Inclusion)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-2740 94 File Inclusion 2004-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter.
2 CVE-2004-2602 Exec Code File Inclusion 2004-12-31 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) before 1.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the HCL_path parameter to pipe.php.
3 CVE-2004-2601 Exec Code File Inclusion 2004-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.php.
4 CVE-2004-2573 Exec Code File Inclusion 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter.
5 CVE-2004-2368 Exec Code File Inclusion 2004-12-31 2013-07-22
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 allows remote attackers to execute arbitrary PHP code via the systempath parameter.
6 CVE-2004-2195 Exec Code File Inclusion 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter.
7 CVE-2004-2124 File Inclusion 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.
8 CVE-2004-2053 Exec Code File Inclusion 2004-07-24 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in EasyIns Stadtportal 4 allows remote attackers to execute arbitrary PHP code via the site parameter.
9 CVE-2004-2041 Exec Code File Inclusion 2004-05-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code.
10 CVE-2004-2018 Exec Code File Inclusion 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code.
11 CVE-2004-2010 Exec Code File Inclusion 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on a remote web server that contains phpshop.cfg.
12 CVE-2004-1989 Exec Code File Inclusion 2004-04-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.
13 CVE-2004-1988 Exec Code File Inclusion 2004-04-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php.
14 CVE-2004-1943 Exec Code File Inclusion 2004-04-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.
15 CVE-2004-1934 Exec Code File Inclusion 2004-04-15 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter.
16 CVE-2004-1820 Exec Code File Inclusion 2004-03-15 2013-09-02
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php.
17 CVE-2004-1796 Exec Code File Inclusion 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3.
18 CVE-2004-1734 Exec Code File Inclusion 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code.
19 CVE-2004-1693 Exec Code File Inclusion 2004-09-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code.
20 CVE-2004-1660 Exec Code File Inclusion 2004-08-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via the cutepath parameter to (1) show_archives.php or (2) show_news.php.
21 CVE-2004-1592 Exec Code File Inclusion 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php script.
22 CVE-2004-1582 Exec Code File Inclusion 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows remote attackers to execute arbitrary PHP code by modifying the libpath parameter (incorrectly called "libpach") to reference a URL on a remote web server that contains _more.php, as demonstrated using checkdb.inc.php.
23 CVE-2004-1554 Exec Code File Inclusion 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in livre_include.php in @lex Guestbook allows remote attackers to execute arbitrary PHP code by modifying the chem_absolu parameter to reference a URL on a remote web server that contains the code.
24 CVE-2004-1535 Exec Code File Inclusion 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code.
25 CVE-2004-1427 Exec Code File Inclusion 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. (dot dot) sequences in the lng parameter to cause main.inc to be loaded.
26 CVE-2004-1423 94 1 Exec Code File Inclusion 2004-12-31 2011-09-08
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.
27 CVE-2004-1421 Exec Code File Inclusion 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, (2) step_one_tables.php, (3) step_two_tables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the server_inc parameter to reference a URL on a remote web server that contains the code.
28 CVE-2004-1419 94 Exec Code File Inclusion 2004-12-31 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code.
29 CVE-2004-1403 Exec Code File Inclusion 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote web server that contains the code.
30 CVE-2004-0624 Exec Code File Inclusion 2004-12-06 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php for Artmedic links 5.0 (artmedic_links5) allows remote attackers to execute arbitrary PHP code by modifying the id parameter to reference a URL on a remote web server that contains the code.
31 CVE-2004-0285 94 Exec Code File Inclusion 2004-11-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.
32 CVE-2004-0246 Exec Code File Inclusion 2004-11-23 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in (1) fonctions.lib.php, (2) derniers_commentaires.php, and (3) admin.php in Les Commentaires 2.0 allow remote attackers to execute arbitrary PHP code via the rep parameter.
33 CVE-2004-0132 Exec Code File Inclusion 2004-03-03 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php.
34 CVE-2004-0128 Exec Code File Inclusion 2004-03-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script.
35 CVE-2004-0073 Exec Code File Inclusion 2004-02-17 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script.
36 CVE-2004-0070 Exec Code File Inclusion 2004-02-17 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code.
37 CVE-2004-0068 Exec Code File Inclusion 2004-02-17 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code.
38 CVE-2004-0030 Exec Code File Inclusion 2004-01-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.
Total number of vulnerabilities : 38   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.