3l3ctric-Cracker

24 exploits Active since Dec 2006
CVE-2006-6567 EXPLOITDB text WORKING POC
PHP <mxKB 2.0.2 - RCE
PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVE-2007-2664 EXPLOITDB text WORKING POC
Yaap <1.5 - RCE
PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function.
CVE-2006-6891 EXPLOITDB text WRITEUP
Vz (Adp) Forum 2.0.3 - Info Disclosure
Vz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for users/admin.txt.
CVE-2007-0558 EXPLOITDB text WORKING POC
Inter7 vHostAdmin 1.0 - RCE
PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter.
CVE-2006-6551 EXPLOITDB python WORKING POC
Tucows CCS <1.2.1015 - RCE
PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/crt_TUCOWS_domains/lib/domainutils.inc.php in Tucows Client Code Suite (CCS) 1.2.1015 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _ENV[TCA_HOME] parameter.
CVE-2007-0559 EXPLOITDB text WORKING POC
RPW 1.0.2 - Code Injection
PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter.
EIP-2026-111598 EXPLOITDB text WORKING POC
PwsPHP 1.1 - '/themes/fin.php' Remote File Inclusion
CVE-2007-0511 EXPLOITDB text WRITEUP
phpXMLDOM <0.3 - RCE
Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/.
CVE-2007-0495 EXPLOITDB text WORKING POC
PhpSherpa - RCE
PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.
EIP-2026-110534 EXPLOITDB text WRITEUP
Pearl Forums 2.4 - Multiple Remote File Inclusions
CVE-2007-0360 EXPLOITDB text WORKING POC
Oreon 1.2.3 RC4 - RCE
PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
CVE-2006-6888 EXPLOITDB text WRITEUP
P-News 1.16/1.17 - Info Disclosure
P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat.
CVE-2006-6711 EXPLOITDB text WRITEUP
Newxooper 0.9.1 - RCE
PHP remote file inclusion vulnerability in compteur/mapage.php in Newxooper 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
CVE-2007-0496 EXPLOITDB text WORKING POC
Neon Labs Website <3.2 - RCE
PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter.
CVE-2007-0498 EXPLOITDB text WORKING POC
MySpeach 2.1 beta - RCE
PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter.
CVE-2006-6553 EXPLOITDB perl WORKING POC
NewsSuite 1.03 - RCE
PHP remote file inclusion vulnerability in includes/newssuite_constants.php in the NewsSuite 1.03 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
CVE-2006-6568 EXPLOITDB text WORKING POC
mxBB <2.0.2 - Path Traversal
Directory traversal vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx parameter.
CVE-2006-6615 EXPLOITDB perl WORKING POC
mxBB 0.92 - RCE
PHP remote file inclusion vulnerability in includes/act_constants.php in the Activity Games (mx_act) 0.92 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVE-2006-6203 EXPLOITDB text WORKING POC
Krishan Flyspray - Path Traversal
Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2006-6453 EXPLOITDB perl WORKING POC
J-OWAMP Web Interface 2.1 - RCE
PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in J-OWAMP Web Interface 2.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the link parameter.
EIP-2026-106160 EXPLOITDB text WORKING POC
Coppermine Photo Gallery 1.2.2b (Nuke Addon) - Remote File Inclusion
CVE-2007-0508 EXPLOITDB text WRITEUP
BBClone 0.31 - RCE
PHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBC_LANGUAGE_PATH parameter.
CVE-2007-0314 EXPLOITDB text WORKING POC
Article System 1.0 - RCE
Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.php, (3) client.php, and (4) classes.php.
CVE-2006-6877 EXPLOITDB text WORKING POC
Matteo Lucarelli 3editor CMS <0.42 - Path Traversal
Directory traversal vulnerability in index.php in Matteo Lucarelli 3editor CMS 0.42 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter.