Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal (WSC-WebPortal) 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) l parameter to customize.php or the (2) pg parameter to index.php.

The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.

PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php.

Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the search_username parameter in searchuser mode.

Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message.

PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.

soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords.

PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.

PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.

PHP remote file inclusion vulnerability in thatfile.php in Thatware 0.3 through 0.5.2 allows remote attackers to execute arbitrary PHP code via the root_path parameter.

php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.

Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted into news.php3.

Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) addyoursite.php in phpLinkat 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the catid parameter.

Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords.

phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses.

phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information.

Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a help ticket.

Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag.

An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.

Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test_*.php scripts.