AzzCoder - Security Researcher - Exploit Intelligence Platform

CVE-2008-3399 EXPLOITDB text WRITEUP

XRMS CRM <1.99.2 - RCE

PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.

View Code

CVE-2008-3398 EXPLOITDB text WRITEUP

XRMS CRM 1.99.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129.

View Code

CVE-2008-3400 EXPLOITDB text WRITEUP

XRMS CRM 1.99.2 - Info Disclosure

XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.

View Code

CVE-2006-4968 EXPLOITDB text WORKING POC

PNphpBB 1.2g - RCE

PHP remote file inclusion vulnerability in includes/functions_admin.php in PNphpBB 1.2g allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

View Code

CVE-2006-4780 EXPLOITDB text WORKING POC

phpBB XS <0.58 - RCE

PHP remote file inclusion vulnerability in includes/functions.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

View Code