CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2005 (File Inclusion)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-4824 Exec Code File Inclusion 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in web/classes.php in Siteframe before 3.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the LOCAL_PATH parameter, a different vulnerability than CVE-2005-1965.
2 CVE-2005-4748 Exec Code XSS File Inclusion 2005-12-31 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file include vulnerability in functions_admin.php in Virtual War (VWar) 1.5.0 R10 allows remote attackers to include and execute arbitrary PHP code via unspecified attack vectors. NOTE: this issue has been referred to as XSS, but it is clear from the vendor description that it is a file inclusion problem.
3 CVE-2005-4593 Exec Code File Inclusion 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary code via a URL in the (1) FORUM[LIB] parameter in Documentation/tests/bug-559668.php and (2) the root_dir parameter in docbuilder/file_dialog.php.
4 CVE-2005-4474 DoS Exec Code Overflow File Inclusion 2005-12-21 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. NOTE: it is not clear whether this problem can be exploited for code execution. If not, then perhaps the user-assisted nature of the attack should exclude the issue from inclusion in CVE.
5 CVE-2005-4211 Exec Code File Inclusion 2005-12-14 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the $_CCFG[_PKG_PATH_DBSE] variable.
6 CVE-2005-3861 94 Exec Code File Inclusion 2005-11-29 2011-08-23
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in content.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
7 CVE-2005-3860 94 Exec Code File Inclusion 2005-11-29 2011-08-23
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in athena.php in Oliver May Athena PHP Website Administration 0.1a allows remote attackers to execute arbitrary PHP code via a URL in the athena_dir parameter.
8 CVE-2005-3859 94 Exec Code File Inclusion 2005-11-29 2011-08-10
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
9 CVE-2005-3835 94 Exec Code File Inclusion 2005-11-26 2011-08-10
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter.
10 CVE-2005-3797 Exec Code File Inclusion 2005-11-24 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter.
11 CVE-2005-3775 94 File Inclusion 2005-11-22 2011-08-23
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in pollvote.php in PollVote allows remote attackers to include arbitrary files via a URL in the pollname parameter.
12 CVE-2005-3738 File Inclusion 2005-11-22 2008-09-05
2.6
None Remote High Not required None Partial None
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.
13 CVE-2005-3639 Dir. Trav. File Inclusion 2005-11-16 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directory traversal vulnerability.
14 CVE-2005-3574 File Inclusion 2005-11-16 2008-09-05
5.0
None Remote Low Not required Partial None None
PHP file inclusion vulnerability in index.php of iCMS allows remote attackers to include arbitrary files via the page parameter.
15 CVE-2005-3571 94 File Inclusion 2005-11-16 2011-08-23
5.0
None Remote Low Not required Partial None None
PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter when register_globals is enabled. NOTE: It was later reported that PHPFanBase 2.2 is also affected.
16 CVE-2005-3558 Exec Code File Inclusion 2005-11-16 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remote attackers to execute arbitrary code via the (1) page and (2) site parameters.
17 CVE-2005-3519 Exec Code File Inclusion 2005-11-06 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php.
18 CVE-2005-3404 File Inclusion 2005-11-01 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.
19 CVE-2005-3366 Exec Code XSS File Inclusion 2005-10-30 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie. NOTE: this is not a cross-site scripting (XSS) issue as claimed by the original researcher.
20 CVE-2005-3335 Exec Code File Inclusion 2005-10-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.
21 CVE-2005-3328 Exec Code File Inclusion 2005-10-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter.
22 CVE-2005-3299 File Inclusion 2005-10-23 2008-09-05
5.0
None Remote Low Not required None Partial None
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
23 CVE-2005-3062 Exec Code File Inclusion 2005-09-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote attackers to execute arbitrary PHP code via the mode parameter.
24 CVE-2005-3017 XSS File Inclusion 2005-09-21 2008-09-05
4.3
None Remote Medium Not required None Partial None
PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 allows remote attackers to include arbitrary files via the show parameter, which can lead to resultant errors such as path disclosure, SQL error messages, and cross-site scripting (XSS).
25 CVE-2005-2865 Exec Code File Inclusion 2005-09-08 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in aMember Pro 2.3.4 allow remote attackers to execute arbitrary PHP code via the config[root_dir] parameter to (1) mysql.inc.php, (2) efsnet.inc.php, (3) theinternetcommerce.inc.php, (4) cdg.inc.php, (5) compuworld.inc.php, (6) directone.inc.php, (7) authorize_aim.inc.php, (8) beanstream.inc.php, (9) config.inc.php, (10) eprocessingnetwork.inc.php, (11) eway.inc.php, (12) linkpoint.inc.php, (13) logiccommerce.inc.php, (14) netbilling.inc.php, (15) payflow_pro.inc.php, (16) paymentsgateway.inc.php, (17) payos.inc.php, (18) payready.inc.php, or (19) plugnplay.inc.php.
26 CVE-2005-2846 Exec Code File Inclusion 2005-09-08 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.
27 CVE-2005-2793 Exec Code File Inclusion 2005-09-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.
28 CVE-2005-2782 Exec Code Bypass File Inclusion 2005-09-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an "ftp://" URL in the alpath parameter, which bypasses the incomplete blacklist that only checks for "http" and "https" URLs.
29 CVE-2005-2775 Exec Code File Inclusion 2005-09-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
php_api.php in phpWebNotes 2.0.0 uses the extract function to modify key variables such as $t_path_core, which leads to a PHP file inclusion vulnerability that allows remote attackers to execute arbitrary PHP code via the t_path_core parameter.
30 CVE-2005-2717 Exec Code File Inclusion 2005-08-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts.
31 CVE-2005-2687 Exec Code File Inclusion 2005-08-24 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php.
32 CVE-2005-2633 Exec Code File Inclusion 2005-08-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) file_o.php or (5) tech_o.php in PHPTB Topic Board 2.0 and earlier allow remote attackers to execute arbitrary PHP code via the absolutepath parameter.
33 CVE-2005-2567 Exec Code File Inclusion 2005-08-16 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter.
34 CVE-2005-2544 Exec Code File Inclusion 2005-08-10 2008-09-05
5.0
None Remote Low Not required None Partial None
PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the path[docroot] parameter.
35 CVE-2005-2413 Exec Code File Inclusion 2005-08-03 2008-09-05
5.0
None Remote Low Not required None Partial None
PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in Atomic Photo Album (APA) allows remote attackers to execute arbitrary PHP code via the apa_module_basedir parameter.
36 CVE-2005-2412 Exec Code File Inclusion 2005-08-03 2008-09-05
5.0
None Remote Low Not required None Partial None
PHP remote file inclusion vulnerability in block.php in PHP FirstPost allows remote attackers to execute arbitrary PHP code via the Include parameter.
37 CVE-2005-2331 Exec Code File Inclusion 2005-07-20 2008-09-05
5.0
None Remote Low Not required None Partial None
PHP remote file inclusion vulnerability in display.php in MooseGallery allows remote attackers to execute arbitrary PHP code via the type parameter.
38 CVE-2005-2328 Exec Code File Inclusion 2005-07-20 2008-09-05
5.0
None Remote Low Not required None Partial None
PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 and 0.3.2.7 allows remote attackers to execute arbitrary PHP code via the CFG_PATH variable.
39 CVE-2005-2321 Exec Code File Inclusion 2005-07-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote attackers to execute arbitrary code via the CLPATH parameter to (1) cl_minical.php, (2) clmcpreload.php, (3) mcconfig.php, or (4) mcpi-demo.php.
40 CVE-2005-2258 Exec Code File Inclusion 2005-07-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in photolist.inc.php in Squito Gallery 1.33 allows remote attackers to execute arbitrary code via the photoroot parameter.
41 CVE-2005-2251 1 Exec Code File Inclusion 2005-07-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in secure.php in PHPSecurePages (phpSP) 0.28beta and earlier allows remote attackers to execute arbitrary code via the cfgProgDir parameter, a variant of CVE-2001-1468.
42 CVE-2005-2249 File Inclusion 2005-07-13 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability.
43 CVE-2005-2246 1 Exec Code File Inclusion 2005-07-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 allow remote attackers to execute arbitrary code via the (1) doc_path parameter to getpage.php or (2) set_menu parameter to lib/static/header.php.
44 CVE-2005-2216 Exec Code File Inclusion 2005-07-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo Gallery 1.5 and earlier allows remote attackers to execute arbitrary code via the news_file parameter.
45 CVE-2005-2199 Exec Code File Inclusion 2005-07-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable.
46 CVE-2005-2198 Exec Code File Inclusion 2005-07-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3.1 allows remote attackers to execute arbitrary code via the lang_path parameter.
47 CVE-2005-2179 Exec Code File Inclusion 2005-07-11 2008-09-05
5.0
None Remote Low Not required None Partial None
PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter.
48 CVE-2005-2162 Exec Code File Inclusion 2005-07-06 2008-09-05
5.0
None Remote Low Not required None Partial None
PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestbook 0.6.1 allows remote attackers to execute arbitrary PHP code via the lang parameter.
49 CVE-2005-2157 Exec Code File Inclusion 2005-07-06 2008-09-05
5.0
None Remote Low Not required None Partial None
PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter.
50 CVE-2005-2155 Exec Code File Inclusion 2005-07-06 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers to execute arbitrary code via the serverPath parameter.
Total number of vulnerabilities: 100. Page: 1 (this page), 2