CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2011(File Inclusion)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-3981 94 1 Exec Code File Inclusion 2011-10-04 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
2 CVE-2010-5040 94 1 Exec Code File Inclusion 2011-11-02 2011-11-16
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtained from third party information.
3 CVE-2010-5038 94 1 Exec Code File Inclusion 2011-11-02 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in contact/contact.php in Groone's Simple Contact Form allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
4 CVE-2010-4998 94 2 Exec Code File Inclusion 2011-11-02 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore parameter. NOTE: some of these details are obtained from third party information.
5 CVE-2010-4988 94 1 Exec Code File Inclusion 2011-11-01 2012-02-07
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in mod_chatting/themes/default/header.php in Family Connections Who is Chatting 2.2.3 allows remote attackers to execute arbitrary PHP code via a URL in the TMPL[path] parameter.
6 CVE-2010-4948 94 1 Exec Code File Inclusion 2011-10-09 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in PHP Free Photo Gallery script allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
7 CVE-2010-4943 94 1 Exec Code File Inclusion 2011-10-09 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php.
8 CVE-2010-4939 94 1 Exec Code File Inclusion 2011-10-09 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.
9 CVE-2010-4924 94 1 Exec Code File Inclusion 2011-10-09 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed by a reliable third party.
10 CVE-2010-4918 94 2 Exec Code File Inclusion 2011-10-08 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php.
11 CVE-2010-4914 94 1 Exec Code File Inclusion 2011-10-08 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in tools/phpmailer/class.phpmailer.php in PHP Classifieds 7.3 allows remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter.
12 CVE-2010-4884 94 2 Exec Code File Inclusion 2011-10-07 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.
13 CVE-2010-4879 94 1 Exec Code File Inclusion 2011-10-07 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter.
14 CVE-2010-4878 94 1 Exec Code File Inclusion 2011-10-07 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.
15 CVE-2010-4810 94 1 Exec Code File Inclusion 2011-07-08 2011-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager (AWCM) 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the theme_file parameter to (1) includes/window_top.php and (2) header.php, and the (3) lang_file parameter to control/common.php.
16 CVE-2010-2789 94 Exec Code File Inclusion 2011-04-26 2011-07-19
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors.
17 CVE-2009-5095 94 2 Exec Code File Inclusion 2011-09-12 2011-09-14
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_ordner parameter.
Total number of vulnerabilities : 17   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.