EA Ngel - Security Researcher - Exploit Intelligence Platform

CVE-2009-3174 EXPLOITDB text WORKING POC

OBOphiX < 2.7.0 - Remote Code Execution via chemin_lib Parameter

PHP remote file inclusion vulnerability in fonctions_racine.php in OBOphiX 2.7.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin_lib parameter.

View Code

CVE-2009-3317 EXPLOITDB text WORKING POC

OpenSiteAdmin 0.9.7 BETA - Remote Code Execution via Path Parameter

PHP remote file inclusion vulnerability in pages/pageHeader.php in OpenSiteAdmin 0.9.7 BETA allows remote attackers to execute arbitrary PHP code via a URL in the path parameter, a different vector than CVE-2008-0648.

View Code

CVE-2009-4622 EXPLOITDB text WRITEUP

Drunken:Golem Gaming Portal 0.5.1 - RCE

PHP remote file inclusion vulnerability in admin/admin_news_bot.php in Drunken:Golem Gaming Portal 0.5.1 alpha 2 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-0572.

View Code

CVE-2009-3365 EXPLOITDB text WORKING POC

Aurora CMS 1.0.2 - Remote Code Execution via AURORA_MODULES_FOLDER Parameter

PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter.

View Code

CVE-2009-3306 EXPLOITDB text WORKING POC

ClearSite 4.50 - Remote Code Execution via cs_base_path Parameter

PHP remote file inclusion vulnerability in include/header.php in ClearSite 4.50 allows remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter.

View Code

CVE-2009-3323 EXPLOITDB text WRITEUP

BAROSmini 0.32.595 - Remote Code Execution via PHP File Inclusion

Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation System mini (BAROSmini) 0.32.595 allow remote attackers to execute arbitrary PHP code via a URL in the baros_path parameter to (1) include/common_functions.php, and the main_path parameter to (2) lib_users.php, (3) lib_stats.php, and (4) lib_slots.php in include/lib/.

View Code