AzzCoder

5 exploits Active since Sep 2006
CVE-2008-3399 EXPLOITDB text WRITEUP
XRMS CRM 1.99.2 - Remote Code Execution via Include Directory Parameter
PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.
CVE-2008-3398 EXPLOITDB text WRITEUP
xrms_crm 1.99.2 - Cross-Site Scripting via msg Parameter
Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129.
CVE-2008-3400 EXPLOITDB text WRITEUP
xrms_crm 1.99.2 - Exposure of Sensitive Information via Direct Request to tests/info.php
XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.
CVE-2006-4968 EXPLOITDB text WORKING POC
PNphpBB 1.2g - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/functions_admin.php in PNphpBB 1.2g allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-4780 EXPLOITDB text WORKING POC
phpBB XS < 0.58 - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in includes/functions.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.