Aesthetico

13 exploits Active since Apr 2006
CVE-2006-3210 EXPLOITDB WORKING POC
RIG <1.0 - RCE, Path Traversal
Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when register_globals is enabled, allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs or ".." sequences in the (1) dir_abs_src parameter in (a) check_entry.php, (b) admin_album.php, (c) admin_image.php, and (d) admin_util.php; and the (2) dir_abs_admin_src parameter in admin_album.php and admin_image.php. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) attacks.
CVE-2006-1749 EXPLOITDB WORKING POC
phpListPro <2.1 - RCE
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath parameter. NOTE: this issue was later reported to affect 2.01 as well.
CVE-2006-7055 EXPLOITDB text WORKING POC
TotalCalendar <2.30 - RCE
PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922.
CVE-2006-3793 EXPLOITDB text WORKING POC
SiteDepth CMS <3.01 - RCE
PHP remote file inclusion vulnerability in constants.php in SiteDepth CMS 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SD_DIR parameter.
CVE-2006-3050 EXPLOITDB text WRITEUP
SixCMS <6.0.6patch2 - Path Traversal
Directory traversal vulnerability in detail.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the template parameter.
CVE-2006-3051 EXPLOITDB text WRITEUP
SixCMS <6.0.6.2 - XSS
Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to inject arbitrary script code or HTML via the page parameter.
CVE-2006-2681 EXPLOITDB text WORKING POC
Socketmail < 2.2.6 - Code Injection
PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) index.php and (2) inc-common.php.
CVE-2007-4127 EXPLOITDB text WORKING POC
Ralf Image Gallery 1.0 - RCE
PHP remote file inclusion vulnerability in check_entry.php in Ralf Image Gallery (RIG), aka Raphael Moll RIG Image Gallery, 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir_abs_src parameter. NOTE: this issue is disputed by multiple third parties, who report that the product exits if register_globals is enabled, thereby blocking exploitation. NOTE: CVE-2006-3210.a covers this issue in versions before 1.0
CVE-2006-2323 EXPLOITDB text WORKING POC
phpListPro <2.01 - RCE
Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749.
EIP-2026-111142 EXPLOITDB text WORKING POC
phpMyAgenda 3.0 Final - 'rootagenda' Remote File Inclusion
CVE-2006-2881 EXPLOITDB text WORKING POC
DreamAccount <3.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts.
CVE-2006-2852 EXPLOITDB text WORKING POC
dotWidget CMS <1.0.6 - RCE
PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter in (1) index.php, (2) feedback.php, and (3) printfriendly.php.
CVE-2006-1959 EXPLOITDB text WORKING POC
ActualScripts ActualAnalyzer Lite <2.72, Gold <7.63, Server <8.23 -...
PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter.