Cyber-Security

14 exploits Active since Jul 2006
CVE-2007-2816 EXPLOITDB WORKING POC
ol_bookmarks 0.7.4 - Remote Code Execution via Root Parameter in Theme Files
Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1_top.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1_left.php, and (13) frames1_center.php in themes/.
CVE-2007-2817 EXPLOITDB text WORKING POC
ol_bookmarks 0.7.4 - SQL Injection via id Parameter
SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-2937 EXPLOITDB text WRITEUP
TROforum 0.1 - Remote File Inclusion via site_url Parameter
PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter.
CVE-2007-2774 EXPLOITDB text WRITEUP
SunLight CMS 5.3 - Remote File Inclusion via Root Parameter
Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) _connect.php or (2) modules/startup.php.
CVE-2006-5636 EXPLOITDB text WORKING POC
Simple Website Software <0.99 - RCE
PHP remote file inclusion vulnerability in common.php in Simple Website Software (SWS) 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SWSDIR parameter.
CVE-2007-2900 EXPLOITDB text WRITEUP
Scallywag 2005-04-25 - Remote Code Execution via Path Parameter in Template.php
Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/.
CVE-2007-0702 EXPLOITDB text WORKING POC
phpEventMan 1.0.2 - Remote File Inclusion via Level Parameter
Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php.
CVE-2008-6409 EXPLOITDB text WORKING POC
ol'bookmarks manager 0.7.5 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a brain action.
CVE-2006-5613 EXPLOITDB text WORKING POC
MP3 Streaming DownSampler <3.0 - RCE
PHP remote file inclusion in Core/core.inc.php in MP3 Streaming DownSampler (mp3SDS) 3.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the fullpath parameter
CVE-2007-2779 EXPLOITDB text WRITEUP
libstats < 1.0.3 - Remote File Inclusion via rInfo[content] Parameter
PHP remote file inclusion vulnerability in template_csv.php in Libstats 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rInfo[content] parameter.
CVE-2007-4128 EXPLOITDB text WORKING POC
Firestorm Technologies GMaps <1.00 - SQL Injection
SQL injection vulnerability in index.php in the Firestorm Technologies GMaps (com_gmaps) 1.00 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mapId parameter in a viewmap action.
CVE-2006-7107 EXPLOITDB text WORKING POC
Coalescent Systems freePBX <2.1.3 - RCE
PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter.
CVE-2007-2940 EXPLOITDB text WRITEUP
FlaP 1.0b - Remote File Inclusion via pachtofile Parameter
Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php.
CVE-2006-3683 EXPLOITDB text WRITEUP
flipper_poll < 1.1 - Remote File Inclusion via poll.php root_path Parameter
PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.