Aesthetico

13 exploits Active since Apr 2006
CVE-2006-3210 EXPLOITDB WORKING POC
Ralf Image Gallery < 1.0 - Remote File Inclusion and Directory Traversal via dir_abs_src Parameter
Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when register_globals is enabled, allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs or ".." sequences in the (1) dir_abs_src parameter in (a) check_entry.php, (b) admin_album.php, (c) admin_image.php, and (d) admin_util.php; and the (2) dir_abs_admin_src parameter in admin_album.php and admin_image.php. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) attacks.
CVE-2006-1749 EXPLOITDB WORKING POC
phpListPro <= 2.01 - Remote Code Execution via config.php returnpath Parameter
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath parameter. NOTE: this issue was later reported to affect 2.01 as well.
CVE-2006-7055 EXPLOITDB text WORKING POC
TotalCalendar < 2.30 - Remote File Inclusion via inc_dir Parameter
PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922.
CVE-2006-3793 EXPLOITDB text WORKING POC
sitedepth_cms < 3.01 - Remote File Inclusion via SD_DIR Parameter
PHP remote file inclusion vulnerability in constants.php in SiteDepth CMS 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SD_DIR parameter.
CVE-2006-3050 EXPLOITDB text WRITEUP
SixCMS <6.0.6patch2 - Path Traversal
Directory traversal vulnerability in detail.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the template parameter.
CVE-2006-3051 EXPLOITDB text WRITEUP
SixCMS < 6.0.6patch2 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to inject arbitrary script code or HTML via the page parameter.
CVE-2006-2681 EXPLOITDB text WORKING POC
SocketMail Lite and Pro < 2.2.6 - Remote Code Execution via site_path Parameter
PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) index.php and (2) inc-common.php.
CVE-2007-4127 EXPLOITDB text WORKING POC
Ralf Image Gallery 1.0 - Remote File Inclusion via dir_abs_src Parameter
PHP remote file inclusion vulnerability in check_entry.php in Ralf Image Gallery (RIG), aka Raphael Moll RIG Image Gallery, 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir_abs_src parameter. NOTE: this issue is disputed by multiple third parties, who report that the product exits if register_globals is enabled, thereby blocking exploitation. NOTE: CVE-2006-3210.a covers this issue in versions before 1.0
CVE-2006-2323 EXPLOITDB text WORKING POC
phpListPro < 2.01 - Remote File Inclusion via returnpath Parameter
Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749.
EIP-2026-111142 EXPLOITDB text WORKING POC
phpMyAgenda 3.0 Final - 'rootagenda' Remote File Inclusion
CVE-2006-2881 EXPLOITDB text WORKING POC
DreamAccount < 3.1 - Remote File Inclusion via da_path Parameter
Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts.
CVE-2006-2852 EXPLOITDB text WORKING POC
dotwidget_cms 1.0.6 - Remote Code Execution via file_path Parameter
PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter in (1) index.php, (2) feedback.php, and (3) printfriendly.php.
CVE-2006-1959 EXPLOITDB text WORKING POC
ActualScripts ActualAnalyzer Lite <2.72, Gold <7.63, Server <8.23 -...
PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter.