Drago84

25 exploits Active since Dec 2002
CVE-2002-2298 EXPLOITDB WORKING POC
thatware 0.3-0.5.3 - Remote Code Execution via config.php root_path Parameter
PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
CVE-2006-4159 EXPLOITDB text WORKING POC
Chaussette < 080706 - Remote Code Execution via _BASE Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to scripts in Classes/ including (1) Evenement.php, (2) Event.php, (3) Event_for_month.php, (4) Event_for_week.php, (5) My_Log.php, (6) My_Smarty.php, and possibly (7) Event_for_month_per_day.php.
CVE-2006-5065 EXPLOITDB text WORKING POC
zoomstats < 1.0.2 - Remote File Inclusion via GLOBALS[lib][db][path] Parameter
PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ZoomStats 1.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[lib][db][path] parameter.
CVE-2006-5147 EXPLOITDB text WORKING POC
vamp_webmail < 2.0_beta1 - Remote File Inclusion via no_url Parameter
PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml in VAMP Webmail 2.0beta1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the no_url parameter.
CVE-2006-5053 EXPLOITDB text WRITEUP
Web-News < 1.6.3 - Remote File Inclusion via content_page Parameter
PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter.
CVE-2006-4213 EXPLOITDB text WORKING POC
PHP <0.4.6 - Remote Code Execution
PHP remote file inclusion vulnerability in config.php in David Kent Norman Thatware 0.4.6 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
CVE-2006-4158 EXPLOITDB text WORKING POC
spaminator < 1.7 - Remote File Inclusion via Login.php Page Parameter
PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2006-4121 EXPLOITDB text WRITEUP
See-Commerce 1.0.625 - Remote File Inclusion via owimg.php3 path Parameter
PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-5078 EXPLOITDB text WORKING POC
Kristian Niemi Polaring <0.04.03 - RCE
PHP remote file inclusion vulnerability in view/general.php in Kristian Niemi Polaring 00.04.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[dirMain] parameter.
CVE-2006-4103 EXPLOITDB text WORKING POC
PHP <1.3 - Remote Code Execution
PHP remote file inclusion vulnerability in article-raw.php in Jason Alexander phNNTP 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter.
CVE-2006-5521 EXPLOITDB text WORKING POC
Net_DNS < 0.03 - Remote File Inclusion via phpdns_basedir Parameter
PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.
CVE-2006-4160 EXPLOITDB text WORKING POC
MVCnPHP 3.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to (1) BaseCommand.php, (2) BaseLoader.php, and (3) BaseView.php.
CVE-2006-5587 EXPLOITDB text WORKING POC
mdweb < 1.3 - Remote File Inclusion via chemin_appli Parameter
Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and earlier (Mdweb132-postgres) allow remote attackers to execute arbitrary PHP code via a URL in the chemin_appli parameter in (1) admin/inc/organisations/form_org.inc.php and (2) admin/inc/organisations/country_insert.php.
CVE-2006-3969 EXPLOITDB text WORKING POC
Colophon < 1.2 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-5048 EXPLOITDB text WORKING POC
Joomla! com_securityimages <3.0.5 - RCE
Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang.php, (3) client.php, and (4) server.php.
CVE-2006-4992 EXPLOITDB text WORKING POC
JD-WordPress for Joomla! 2.0-1.0 RC2 - RCE
Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php.
CVE-2006-4992 EXPLOITDB text WORKING POC
JD-WordPress for Joomla! 2.0-1.0 RC2 - RCE
Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php.
CVE-2006-4992 EXPLOITDB text WORKING POC
JD-WordPress for Joomla! 2.0-1.0 RC2 - RCE
Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php.
EIP-2026-108048 EXPLOITDB text WORKING POC
Jaws 0.5.2 - '/include/JawsDB.php' Remote File Inclusion
CVE-2006-4113 EXPLOITDB text WORKING POC
PHP <4.2 - Remote Code Execution
PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fraval hitweb 4.2 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the REP_INC parameter.
CVE-2006-6232 EXPLOITDB perl WORKING POC
DreamAccount 3.1 - Remote File Inclusion via Admin Index Path Parameter
PHP remote file inclusion vulnerability in admin/index.php in DreamAccount 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
EIP-2026-105523 EXPLOITDB text WORKING POC
Blog:CMS 4.1 - 'Dir_Plugins' Multiple Remote File Inclusions
CVE-2006-4216 EXPLOITDB text WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4159. Reason: This candidate is a duplicate of CVE-2006-4159. Notes: All CVE users should reference CVE-2006-4159 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2006-5384 EXPLOITDB text WORKING POC
CDS Agenda < 4.2.9 - Remote Code Execution via SendAlertEmail.php AGE Parameter
PHP remote file inclusion vulnerability in modification/SendAlertEmail.php in CDS Software Consortium CDS Agenda 4.2.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AGE parameter.
CVE-2006-5092 EXPLOITDB text WRITEUP
A-Blog 2 - Remote File Inclusion via navigation_start Parameter
PHP remote file inclusion vulnerability in navigation/menu.php in A-Blog 2 allows remote attackers to execute arbitrary PHP code via a URL in the navigation_start parameter.