Ashiyane Corporation

22 exploits Active since May 2005
CVE-2006-5280 EXPLOITDB perl WORKING POC
Leicestershire communityPortals < 1.build_20051018 - Remote Code Execution via cp_root_path Parameter
PHP remote file inclusion vulnerability in includes/import-archive.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter.
CVE-2006-5305 EXPLOITDB perl WORKING POC
lat2cyr < 1.0.1 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5309 EXPLOITDB perl WORKING POC
Prillian French < 0.8.0 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in language/lang_french/lang_prillian_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
EIP-2026-110983 EXPLOITDB perl WORKING POC
phpBB RPG Events 1.0 - 'functions_rpg_events' Remote File Inclusion
CVE-2006-5418 EXPLOITDB perl WORKING POC
phpBB SearchIndexer - Remote Code Execution via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in archive/archive_topic.php in pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
EIP-2026-110984 EXPLOITDB perl WORKING POC
phpBB Security 1.0.1 - 'PHP_security.php' Remote File Inclusion
CVE-2006-5301 EXPLOITDB python WORKING POC
phpBB SpamBlockerMOD < 1.0.2 - Remote Code Execution via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/antispam.php in the SpamBlockerMODv 1.0.2 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5385 EXPLOITDB perl WORKING POC
SpamOborona 1.0b - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in admin/admin_spam.php in the SpamOborona 1.0b and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5263 EXPLOITDB perl WORKING POC
phpmyagenda < 3.1_beta_1 - Directory Traversal and Arbitrary File Execution via Language Parameter
Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
CVE-2006-7168 EXPLOITDB perl WORKING POC
phpBB - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/not_mem.php in the Add Name module for PHP allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-6593 EXPLOITDB perl WORKING POC
phpBB AMAZONIA MOD - Remote File Inclusion via zufallscodepart.php phpbb_root_path Parameter
PHP remote file inclusion vulnerability in zufallscodepart.php in AMAZONIA MOD for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-7100 EXPLOITDB perl WORKING POC
phpBB Insert User < 0.1.2 - Remote Code Execution via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Insert User 0.1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5306 EXPLOITDB python WORKING POC
phpbb journals_system_module < 1.0.2_rc2 - Remote Code Execution via phpbb_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in the Journals System module 1.0.2 (RC2) and earlier for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/journals_delete.php, (2) includes/journals_post.php, or (3) includes/journals_edit.php.
CVE-2006-5415 EXPLOITDB perl WORKING POC
News Defilante Horizontale <4.1.1 - RCE
PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5387 EXPLOITDB perl WORKING POC
PlusXL 20_272 and earlier - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in mods/iai/includes/constants.php in the PlusXL 20_272 and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5284 EXPLOITDB perl WORKING POC
Shen Cheng-Da PHP News Reader <2.6.4 - RCE
PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen Cheng-Da PHP News Reader (aka pnews) 2.6.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CFG[auth_phpbb_path] parameter.
CVE-2006-7148 EXPLOITDB perl WORKING POC
maluinfo 206.2.38 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. NOTE: this might be the same issues as CVE-2006-4893.
CVE-2006-5436 EXPLOITDB perl WORKING POC
FreeFAQ 1.0.e - Remote File Inclusion via faqpath Parameter
PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e allows remote attackers to execute arbitrary PHP code via a URL in the faqpath parameter.
CVE-2006-7146 EXPLOITDB perl WORKING POC
Leicestershire communityPortals < 1.0 - Remote Code Execution via cp_root_path Parameter
PHP remote file inclusion vulnerability in bug.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280. NOTE: CVE disputes this issue, since bug.php is not in communityPortals source distributions
CVE-2006-5739 EXPLOITDB perl WORKING POC
Leicestershire communityPortals 1.0 - RCE
PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in Leicestershire communityPortals 1.0_2005-10-18_12-31-18 allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280.
CVE-2006-5311 EXPLOITDB perl WORKING POC
Buzlas 2006-1 Full - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Buzlas 2006-1 Full allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2005-1181 EXPLOITDB perl WORKING POC
Ariadne CMS 2.4 - Remote Code Execution via Ariadne Parameter Manipulation
NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor has disputed this issue, saying that loader.php first requires the "ariadne.inc" file, which defines the $ariadne variable, and thus it cannot be modified by an attacker. In addition, CVE personnel have partially verified the dispute via source code inspection of Ariadne 2.4 as available on July 5, 2005