EA Ngel

6 exploits Active since Sep 2009
CVE-2009-3174 EXPLOITDB text WORKING POC
Odelao Obophix < 2.7.0 - Code Injection
PHP remote file inclusion vulnerability in fonctions_racine.php in OBOphiX 2.7.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin_lib parameter.
CVE-2009-3317 EXPLOITDB text WORKING POC
Thecodeweasel Opensiteadmin - Code Injection
PHP remote file inclusion vulnerability in pages/pageHeader.php in OpenSiteAdmin 0.9.7 BETA allows remote attackers to execute arbitrary PHP code via a URL in the path parameter, a different vector than CVE-2008-0648.
CVE-2009-4622 EXPLOITDB text WRITEUP
Drunken:Golem Gaming Portal 0.5.1 - RCE
PHP remote file inclusion vulnerability in admin/admin_news_bot.php in Drunken:Golem Gaming Portal 0.5.1 alpha 2 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-0572.
CVE-2009-3365 EXPLOITDB text WORKING POC
Traza Aurora - Code Injection
PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter.
CVE-2009-3306 EXPLOITDB text WORKING POC
Richrumble Clearsite - Code Injection
PHP remote file inclusion vulnerability in include/header.php in ClearSite 4.50 allows remote attackers to execute arbitrary PHP code via a URL in the cs_base_path parameter.
CVE-2009-3323 EXPLOITDB text WRITEUP
Robig Barosmini - Code Injection
Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation System mini (BAROSmini) 0.32.595 allow remote attackers to execute arbitrary PHP code via a URL in the baros_path parameter to (1) include/common_functions.php, and the main_path parameter to (2) lib_users.php, (3) lib_stats.php, and (4) lib_slots.php in include/lib/.