Cedric Cochin

7 exploits Active since Mar 2004
CVE-2004-0132 EXPLOITDB text WRITEUP
ezContents <= 2.0.2 - Remote File Inclusion via GLOBALS Parameter
Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php.
CVE-2004-0132 EXPLOITDB text WRITEUP
ezContents <= 2.0.2 - Remote File Inclusion via GLOBALS Parameter
Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php.
CVE-2004-2573 EXPLOITDB text WORKING POC
phpGroupWare < 0.9.14.005 - Remote File Inclusion via appdir Parameter
PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter.
EIP-2026-111064 EXPLOITDB text WRITEUP
PHPGedView 2.x - 'Editconfig_gedcom.php' Directory Traversal
CVE-2004-0129 EXPLOITDB text WORKING POC
phpMyAdmin <= 2.5.5 - Directory Traversal via Export Parameter
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.
CVE-2004-2574 EXPLOITDB text WORKING POC
phpGroupWare < 0.9.16.005 - Cross-Site Scripting via Date Parameter
Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction.
CVE-2004-0128 EXPLOITDB text WORKING POC
phpGedView <= 2.65.1 - Remote File Inclusion via PGV_BASE_DIRECTORY Parameter
PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script.