GoLd_M

171 exploits Active since Jul 2005
CVE-2009-3425 EXPLOITDB text WORKING POC
MaxCMS 3.11.20b - Path Traversal via thCMS_root Parameter
Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter.
CVE-2008-6138 EXPLOITDB text WRITEUP
WebBiscuits Modules Controller <1.1 - RCE
PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
CVE-2009-4931 EXPLOITDB perl WORKING POC
Groovy Media Player 1.1.0 - Stack-Based Buffer Overflow via Long String in .m3u Playlist File
Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file.
CVE-2008-2215 EXPLOITDB text WORKING POC
Project-Based Calendaring System 0.7.1-1 - Path Traversal via Filename Parameter
Multiple directory traversal vulnerabilities in Project-Based Calendaring System (PBCS) 0.7.1-1 allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) src/yopy_sync.php and (2) system-logger/print_logs.php.
CVE-2007-3589 EXPLOITDB text WORKING POC
b1gbb 2.24.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php.
CVE-2007-1697 EXPLOITDB text WRITEUP
Philex < 0.2.3 - Remote File Inclusion via CssFile Parameter
PHP remote file inclusion vulnerability in header.inc.php in Philex 0.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CssFile parameter.
CVE-2007-0700 EXPLOITDB text WORKING POC
Gsylvain35 Portail Web - Path Traversal
Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1.
CVE-2008-6408 EXPLOITDB text WORKING POC
ol'bookmarks 0.7.5 - Remote Code Execution via frame.php framefile Parameter
PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter.
CVE-2008-6407 EXPLOITDB text WORKING POC
ol'bookmarks manager 0.7.5 - Path Traversal via frame.php framefile Parameter
Directory traversal vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the framefile parameter.
CVE-2008-1124 EXPLOITDB text WORKING POC
Podcast Generator <1.0 BETA 2 - RCE
Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to (1) components/xmlparser/loadparser.php; (2) admin.php, (3) categories.php, (4) categories_add.php, (5) categories_remove.php, (6) edit.php, (7) editdel.php, (8) ftpfeature.php, (9) login.php, (10) pgRSSnews.php, (11) showcat.php, and (12) upload.php in core/admin/; and (13) archive_cat.php, (14) archive_nocat.php, and (15) recent_list.php in core/.
CVE-2007-6188 EXPLOITDB text WORKING POC
TuMusika Evolution 1.7R5 - Path Traversal
Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php.
CVE-2007-5641 EXPLOITDB text WORKING POC
PHP Project Management < 0.8.10 - Remote Code Execution via Full Path Parameter
Multiple PHP remote file inclusion vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the full_path parameter to (1) certinfo/index.php, (2) emails/index.php, (3) events/index.php, (4) fax/index.php, (5) files/index.php, (6) files/list.php, (7) groupadm/index.php, (8) history/index.php, (9) info/index.php, (10) log/index.php, (11) mail/index.php, (12) messages/index.php, (13) organizations/index.php, (14) phones/index.php, (15) presence/index.php, (16) projects/index.php, (17) projects/summary.inc.php, (18) projects/list.php, (19) reports/index.php, (20) search/index.php, (21) snf/index.php, (22) syslog/index.php, (23) tasks/searchsimilar.php, (24) tasks/index.php, (25) tasks/summary.inc.php, and (26) useradm/index.php in modules; (27) /ajax/loadsplash.php; (28) /blocks/birthday.php; (29) /blocks/events.php; and (30) /blocks/help.php.
CVE-2008-5883 EXPLOITDB text WORKING POC
mini-pub < 0.3 - Unauthenticated Path Traversal via sDir Parameter
Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter.
CVE-2008-2342 EXPLOITDB text WORKING POC
News Manager 2.0 - Path Traversal via Attachments.php ID Parameter
Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
CVE-2008-2341 EXPLOITDB text WORKING POC
News Manager 2.0 - Remote Code Execution via ch_readalso.php read_xml_include Parameter
PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter.
CVE-2008-2340 EXPLOITDB text WORKING POC
News Manager 2.0 - SQL Injection via lang or pid Parameter
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
CVE-2007-6289 EXPLOITDB text WORKING POC
iptel serweb < 2.0.0dev1 - Remote Code Execution via _SERWEB[configdir] Parameter
Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358.
CVE-2007-6289 EXPLOITDB text WORKING POC
iptel serweb < 2.0.0dev1 - Remote Code Execution via _SERWEB[configdir] Parameter
Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358.
CVE-2007-4640 EXPLOITDB python WORKING POC
Pakupaku CMS < 0.4 - Unauthenticated Arbitrary File Upload via index.php Uploads Action
Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action.
CVE-2009-1437 EXPLOITDB python WORKING POC
CoolPlayer Portable < 2.19.6 - Stack-based Buffer Overflow via Malformed Playlist File
Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.6 and earlier allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: this may overlap CVE-2008-3408.
CVE-2009-1449 EXPLOITDB python WORKING POC
CoolPlayer Portable 2.19.1 - Stack-based Buffer Overflow via Skin File PlaylistSkin Parameter
Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.1 allows remote attackers to execute arbitrary code via a skin file (skin.ini) with a large PlaylistSkin parameter. NOTE: this may overlap CVE-2008-5735.
CVE-2009-1644 EXPLOITDB perl WORKING POC
Sorinara Streaming Audio Player 0.9 - Stack-based Buffer Overflow via Crafted PLA File
Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 allows remote attackers to execute arbitrary code via a crafted .pla file.
CVE-2009-4758 EXPLOITDB perl WORKING POC
dicas Mpegable Player 2.12 - Buffer Overflow
Stack-based buffer overflow in dicas Mpegable Player 2.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .YUV file.
CVE-2009-1437 EXPLOITDB perl WORKING POC
CoolPlayer Portable < 2.19.6 - Stack-based Buffer Overflow via Malformed Playlist File
Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.6 and earlier allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: this may overlap CVE-2008-3408.
CVE-2009-4932 EXPLOITDB perl WORKING POC
Mpesch3.de1 1by1 - Memory Corruption
Stack-based buffer overflow in 1by1 1.67 (aka 1.6.7.0) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file.