[Oo]

14 exploits Active since Feb 2006
CVE-2006-0757 EXPLOITDB perl WORKING POC
HiveMail <= 1.3 - Remote Code Execution via Eval Injection in Multiple Parameters
Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts, as demonstrated by an addressbook.update.php request with a contactgroupid value of phpinfo() preceded by facilitators.
CVE-2006-7007 EXPLOITDB perl WORKING POC
Tiny FTPd <= 1.4 - Denial of Service via Long USER Command
Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command, a different vector than CVE-2000-0133.
CVE-2006-2151 EXPLOITDB text WORKING POC
phpBB TopList < 1.3.8 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
CVE-2006-2528 EXPLOITDB text WORKING POC
phpBazar 2.1.0 - Remote File Inclusion via Language_dir Parameter
PHP remote file inclusion vulnerability in classified_right.php in phpBazar 2.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.
CVE-2006-2523 EXPLOITDB perl WORKING POC
phpListPro < 2.0.1 - Remote File Inclusion via Language Cookie
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie.
EIP-2026-110977 EXPLOITDB text WRITEUP
phpBB Knowledge Base 2.0.2 - 'Mod KB_constants.php' Remote File Inclusion
CVE-2006-2137 EXPLOITDB text WORKING POC
OpenPHPNuke < 2.3.3 - Remote File Inclusion via root_path Parameter
PHP remote file inclusion vulnerability in master.php in OpenPHPNuke 2.3.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
CVE-2006-2134 EXPLOITDB text WORKING POC
PHPbb 2.0.2 - Remote Code Execution
PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVE-2006-2142 EXPLOITDB text WORKING POC
Limbo CMS <= 1.04 - Remote File Inclusion via classes_dir Parameter
PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter.
CVE-2006-2363 EXPLOITDB php WORKING POC
Limbo CMS - SQL Injection via Weblinks catid Parameter
SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2006-0759 EXPLOITDB perl WORKING POC
HiveMail <= 1.3 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts; and allow remote authenticated users to execute arbitrary SQL commands via (11) the folderid parameter in index.php and (12) possibly other parameters in certain other scripts, because $_SERVER['PHP_SELF'] is improperly handled.
CVE-2006-7026 EXPLOITDB text WORKING POC
Aardvark Topsites PHP < 4.2.2 - Remote File Inclusion via CONFIG[path] Parameter
PHP remote file inclusion vulnerability in sources/join.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter, a different vector than CVE-2006-2149.
EIP-2026-104981 EXPLOITDB text WRITEUP
Advanced Guestbook 2.x - 'Addentry.php' Remote File Inclusion
CVE-2006-2152 EXPLOITDB text WORKING POC
phpBB Advanced Guestbook <2.4.0 - RCE
PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.