Dr Max Virus

26 exploits, active since Dec 2006
CVE-2007-0491 EXPLOITDB WORKING POC
Sky GUNNING MySpeach <= 3.0.6 - Remote File Inclusion via my_ms[root] Parameter
PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third party information.
CVE-2006-6567 EXPLOITDB text WORKING POC
mxBB kb_mods - Remote File Inclusion via module_root_path Parameter
PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVE-2007-2664 EXPLOITDB text WORKING POC
yet_another_asterisk_panel < 1.5 - Remote File Inclusion via root_path Parameter
PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function.
CVE-2007-0558 EXPLOITDB text WORKING POC
Inter7 vHostAdmin 1.0 - Remote File Inclusion via MODULES_DIR Parameter
PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter.
CVE-2006-6891 EXPLOITDB text WRITEUP
Vz (Adp) Forum 2.0.3 - Info Disclosure
Vz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for users/admin.txt.
EIP-2026-113113 EXPLOITDB text WRITEUP
Virtual Host Administrator 0.1 - Modules_Dir Remote File Inclusion
CVE-2006-6551 EXPLOITDB python WORKING POC
Tucows Client Code Suite 1.2.1015 - Remote File Inclusion via _ENV[TCA_HOME] Parameter
PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/crt_TUCOWS_domains/lib/domainutils.inc.php in Tucows Client Code Suite (CCS) 1.2.1015 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _ENV[TCA_HOME] parameter.
CVE-2007-0559 EXPLOITDB text WORKING POC
rp_world 1.0.2 - Remote File Inclusion via sql_language Parameter
PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter.
EIP-2026-111598 EXPLOITDB text WORKING POC
PwsPHP 1.1 - '/themes/fin.php' Remote File Inclusion
CVE-2007-0511 EXPLOITDB text WRITEUP
phpXMLDOM 0.3 - Remote File Inclusion via Path Parameter
Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/.
CVE-2007-0495 EXPLOITDB text WORKING POC
PhpSherpa - Remote File Inclusion via racine Parameter
PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.
EIP-2026-110534 EXPLOITDB text WRITEUP
Pearl Forums 2.4 - Multiple Remote File Inclusions
CVE-2006-6888 EXPLOITDB text WRITEUP
P-News 1.16 and 1.17 - Unauthenticated Sensitive Information Exposure via Direct Request
P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat.
CVE-2007-0360 EXPLOITDB text WORKING POC
Oreon < 1.2.3_rc4 - Remote File Inclusion via lang/index.php file Parameter
PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
CVE-2006-6615 EXPLOITDB perl WORKING POC
mxBB Activity Games Module 0.92 - Remote File Inclusion via module_root_path Parameter
PHP remote file inclusion vulnerability in includes/act_constants.php in the Activity Games (mx_act) 0.92 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVE-2006-6711 EXPLOITDB text WRITEUP
Newxooper 0.9.1 - Remote File Inclusion via compteur/mapage.php chemin Parameter
PHP remote file inclusion vulnerability in compteur/mapage.php in Newxooper 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
CVE-2007-0496 EXPLOITDB text WORKING POC
Neon Labs Website < 3.2 - Remote File Inclusion via g_strRootDir Parameter
PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter.
CVE-2007-0498 EXPLOITDB text WORKING POC
MySpeach 2.1 beta - Remote File Inclusion via my[root] Parameter
PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter.
CVE-2006-6553 EXPLOITDB perl WORKING POC
mxbb_newssuite 1.03 - Remote File Inclusion via mx_root_path Parameter
PHP remote file inclusion vulnerability in includes/newssuite_constants.php in the NewsSuite 1.03 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
CVE-2006-6568 EXPLOITDB text WORKING POC
mxBB Knowledge Base Module 2.0.2 - Directory Traversal via phpEx Parameter
Directory traversal vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx parameter.
CVE-2006-6203 EXPLOITDB text WORKING POC
Flyspray ME 1.0.1 - Directory Traversal via File Parameter
Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2006-6453 EXPLOITDB perl WORKING POC
J-OWAMP Web Interface 2.1 - Authenticated Remote File Inclusion via JOWAMP_ShowPage.php Link Parameter
PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in J-OWAMP Web Interface 2.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the link parameter.
EIP-2026-106160 EXPLOITDB text WORKING POC
Coppermine Photo Gallery 1.2.2b (Nuke Addon) - Remote File Inclusion
CVE-2007-0508 EXPLOITDB text WRITEUP
BBClone 0.31 - Remote File Inclusion via BBC_LANGUAGE_PATH Parameter
PHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBC_LANGUAGE_PATH parameter.
CVE-2007-0314 EXPLOITDB text WORKING POC
Article System 1.0 - Remote File Inclusion via INCLUDE_DIR Parameter
Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.php, (3) client.php, and (4) classes.php.