GoLd_M

171 exploits, active since Jul 2005
CVE-2007-0300 EXPLOITDB text WRITEUP
tlm_cms < 1.1 - Remote File Inclusion via chemin Parameter
PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
CVE-2007-5628 EXPLOITDB text WORKING POC
The Online Web Library Site (TOWels) 0.1 - Remote Code Execution via pageHeaderFile Parameter
PHP remote file inclusion vulnerability in src/scripture.php in The Online Web Library Site (TOWels) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the pageHeaderFile parameter.
CVE-2007-6554 EXPLOITDB text WORKING POC
TeamCal Pro < 3.1.000 - Path Traversal
Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php.
EIP-2026-112854 EXPLOITDB text WORKING POC
Uebimiau Web-Mail 3.2.0-1.8 - Remote File / Overwrite
CVE-2008-4894 EXPLOITDB text WORKING POC
Tribiq CMS 5.0.10a and 5.0.12c - Remote File Inclusion via Template Path Parameter
Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the template_path parameter. NOTE: it was later reported that this issue also affects 5.0.12c.
CVE-2007-5271 EXPLOITDB text WORKING POC
Trionic Cite CMS 1.2 rev9 - Remote Code Execution via bField[bf_data] Parameter
Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS 1.2 rev9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the bField[bf_data] parameter to (1) interface/editors/-custom.php or (2) interface/editors/custom.php.
CVE-2008-0503 EXPLOITDB text WORKING POC
Netwerk Smart Publisher 1.0.1 - Remote Code Execution via filedata Parameter
Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter.
CVE-2007-3370 EXPLOITDB text WRITEUP
Sun Board 1.00.00 Alpha - Remote File Inclusion via sunPath or dir Parameter
Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.00 Alpha allow remote attackers to execute arbitrary PHP code via a URL in (1) the sunPath parameter to include.php or (2) the dir parameter to skin/board/default/doctype.php.
CVE-2007-2185 EXPLOITDB text WRITEUP
Supasite 1.23b - Remote Code Execution via supa[db_path] or supa[include_path] Parameter
Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) admin_auth_cookies.php, (3) admin_mods.php, (4) admin_news.php, (5) admin_topics.php, (6) admin_users.php, (7) admin_utilities.php, (8) site_comment.php, or (9) site_news.php; or the supa[include_path] parameter to (10) admin_settings.php or (11) backend_site.php.
CVE-2007-2304 EXPLOITDB text WORKING POC
qdblog < 0.4 - Directory Traversal via Theme Parameter
Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files.
CVE-2008-1046 EXPLOITDB text WORKING POC
Quinsonnas Mail Checker 1.55 - Remote Code Execution via footer.php op[footer_body] Parameter
PHP remote file inclusion vulnerability in footer.php in Quinsonnas Mail Checker 1.55 allows remote attackers to execute arbitrary PHP code via a URL in the op[footer_body] parameter.
CVE-2007-2156 EXPLOITDB text WRITEUP
rezervi_generic < 0.9 - Remote File Inclusion via root Parameter
Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) datumVonDatumBis.inc.php, (2) footer.inc.php, (3) header.inc.php, and (4) stylesheets.php in templates/; and (5) wochenuebersicht.inc.php, (6) monatsuebersicht.inc.php, (7) jahresuebersicht.inc.php, and (8) tagesuebersicht.inc.php in belegungsplan/.
CVE-2007-1636 EXPLOITDB perl WORKING POC
RoseOnlineCMS 3 B1 - Directory Traversal via op Parameter
Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
CVE-2007-1801 EXPLOITDB perl WORKING POC
sBLOG 0.7.3 Beta - Directory Traversal and Remote Code Execution via conf_lang_default Parameter
Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
CVE-2007-5843 EXPLOITDB text WORKING POC
scWiki 1.0 Beta 2 - Remote Code Execution via pathdot Parameter
PHP remote file inclusion vulnerability in includes/common.php in scWiki 1.0 Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter.
CVE-2007-6290 EXPLOITDB text WORKING POC
SERWeb < 2.0.0 dev1 - Path Traversal
Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod and (2) js parameters.
CVE-2007-5056 EXPLOITDB text WORKING POC
ADOdb Lite < 1.42 - Remote Code Execution via last_module Parameter
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
CVE-2007-5781 EXPLOITDB text WORKING POC
Sige 0.1 - Remote Code Execution via SYS_PATH Parameter
PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYS_PATH parameter.
CVE-2008-2216 EXPLOITDB text WORKING POC
Project-Based Calendaring System 0.7.1 - Authenticated Arbitrary File Upload via yopy_upload.php
Unrestricted file upload vulnerability in src/yopy_upload.php in Project-Based Calendaring System (PBCS) 0.7.1 allows remote authenticated users to upload arbitrary files to tmp/uploads.
CVE-2007-2540 EXPLOITDB text WRITEUP
PMECMS < 1.0 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3) mod/liste/, (4) mod/special/, or (5) mod/texte/.
CVE-2008-1125 EXPLOITDB text WORKING POC
Podcast Generator < 1.0 BETA 2 - Path Traversal
Multiple directory traversal vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) theme_path parameter to core/themes.php and the (2) filename parameter to download.php.
CVE-2007-6400 EXPLOITDB text WORKING POC
PolDoc CMS 0.96 - Path Traversal via download_file.php filename Parameter
Directory traversal vulnerability in download_file.php in PolDoc CMS (aka PDDMS) 0.96 allows remote attackers to read arbitrary files via a .. (dot dot) or absolute pathname in the filename parameter.
CVE-2008-1645 EXPLOITDB text WORKING POC
phpSpamManager 0.53 beta - Path Traversal
Directory traversal vulnerability in body.php in phpSpamManager (phpSM) 0.53 beta allows remote attackers to read arbitrary local files via a .. (dot dot) in the filename parameter.
CVE-2007-0307 EXPLOITDB text WRITEUP
Poplar Gedcom Viewer < 2.0 - Remote File Inclusion via env[rootPath] Parameter
PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter.
CVE-2008-1068 EXPLOITDB text WORKING POC
Portail Web Php < 2.5.1.1 - Remote Code Execution via site_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.php, and (3) Bleu/index.php in template/, different vectors than CVE-2008-0645.