Charles "real" F.

11 exploits, active since Mar 2008
CVE-2008-7123 EXPLOITDB php WORKING POC
zKup - Code Injection
Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the regular expression check.
CVE-2008-1506 EXPLOITDB php WORKING POC
PEEL <3.x - Info Disclosure
PEEL, possibly 3.x and earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
CVE-2008-1496 EXPLOITDB php WORKING POC
PEEL <3.x - SQL Injection
Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in factures/facture_html.php.
CVE-2008-1495 EXPLOITDB php WORKING POC
PEEL <3.x - RCE
Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and earlier, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by (1) image/gif and (2) application/pdf.
CVE-2008-7124 EXPLOITDB php WORKING POC
zKup - Authentication Bypass
zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.
CVE-2008-7124 EXPLOITDB php WORKING POC
zKup - Authentication Bypass
zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.
EIP-2026-111221 EXPLOITDB php WORKING POC
phpTournois G4 - Arbitrary File Upload / Code Execution
EIP-2026-110891 EXPLOITDB php WORKING POC
PHP-Nuke Platinium 7.6.b.5 - Remote Code Execution
CVE-2008-1507 EXPLOITDB php WORKING POC
PEEL <3.x - Info Disclosure
PEEL, possibly 3.x and earlier, has (1) a default [email protected] account with password admin, and (2) a default [email protected] account with password cinema, which allows remote attackers to gain administrative access.
EIP-2026-109988 EXPLOITDB php WORKING POC
Nuked-klaN 1.7.6 - Multiple Vulnerabilities
CVE-2008-6833 EXPLOITDB php WORKING POC
Fuzzylime (cms) - Path Traversal
Directory traversal vulnerability in commsrss.php in fuzzylime (cms) before 3.01b allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a files array element for a blogs action, as demonstrated by the files[0] parameter.