GoLd_M

171 exploits Active since Jul 2005
CVE-2007-1372 EXPLOITDB text WORKING POC
PostGuestbook 0.6.1 - Remote File Inclusion via tpl_pgb_moddir Parameter
PHP remote file inclusion vulnerability in styles/internal/header.php in the PostGuestbook 0.6.1 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the tpl_pgb_moddir parameter.
CVE-2007-2199 EXPLOITDB text WORKING POC
CJG EXPLORER PRO 3.3 - Remote Code Execution via g_pcltar_lib_dir Parameter
PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter.
CVE-2007-0571 EXPLOITDB text WORKING POC
phpmyreports 3.0.11 - Remote File Inclusion via cfgPathModule Parameter
PHP remote file inclusion vulnerability in include/lib/lib_head.php in phpMyReports 3.0.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathModule parameter.
CVE-2007-5574 EXPLOITDB text WRITEUP
phpdj 0.5 - Remote Code Execution via djpage.php page Parameter
PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2007-2677 EXPLOITDB text WRITEUP
phpChess Community Edition 2.0 - RCE
Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php.
CVE-2007-4636 EXPLOITDB text WORKING POC
phpBG 0.9.1 - Remote File Inclusion via rootdir Parameter
Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php, (2) intern/admin/, (3) intern/clan/member_add.php, (4) intern/config/key_2.php, or (5) intern/config/forum.php.
CVE-2007-1633 EXPLOITDB perl WORKING POC
Splatt Forum 4.0 RC1 - Remote File Inclusion via bbcode_ref.php name Parameter
Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
CVE-2007-2615 EXPLOITDB text WRITEUP
Crie seu PHPLojaFacil 0.1.5 - Remote File Inclusion via path_local Parameter
Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/db.php, and (3) libs/ftp.php.
CVE-2007-2594 EXPLOITDB html WORKING POC
phpmyportal 3.0.0 RC3 - Remote File Inclusion via GLOBALS[CHEMINMODULES] Parameter
PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter.
CVE-2007-6177 EXPLOITDB text WORKING POC
PHP_CON 1.3 - Remote Code Execution via webappcfg[APPPATH] Parameter
PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter.
CVE-2007-2200 EXPLOITDB text WORKING POC
Pagode 0.5.8 - Directory Traversal via Absolute Parameter
Directory traversal vulnerability in navigator/navigator_ok.php in Pagode 0.5.8 allows remote attackers to read and possibly delete arbitrary files via a .. (dot dot) in the asolute parameter.
CVE-2007-4641 EXPLOITDB python WORKING POC
Pakupaku CMS < 0.4 - Remote Code Execution via Path Traversal in Page Parameter
Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
CVE-2007-5631 EXPLOITDB text WORKING POC
PeopleAggregator 1.2pre6 - Remote Code Execution via current_blockmodule_path Parameter
Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the current_blockmodule_path parameter to (1) AudiosMediaGalleryModule/AudiosMediaGalleryModule.php, (2) ImagesMediaGalleryModule/ImagesMediaGalleryModule.php, (3) MembersFacewallModule/MembersFacewallModule.php, (4) NewestGroupsModule/NewestGroupsModule.php, (5) UploadMediaModule/UploadMediaModule.php, and (6) VideosMediaGalleryModule/VideosMediaGalleryModule.php in BetaBlockModules/; and (7) the path_prefix parameter to several components.
CVE-2007-2545 EXPLOITDB text WRITEUP
Persism CMS < 0.9.2 - Remote File Inclusion via system[path] Parameter
Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/.
CVE-2007-1698 EXPLOITDB text WRITEUP
Philex < 0.2.3 - Unauthenticated Arbitrary File Read via download.php file Parameter
download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter.
CVE-2007-1620 EXPLOITDB text WORKING POC
php_db_designer < 1.02 - Remote File Inclusion via _SESSION Parameter
Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer 1.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SITE_PATH] parameter to (a) wind/help.php or (b) wind/about.php, or the (2) _SESSION[DRIVER] parameter to (c) db/session.php.
CVE-2007-5642 EXPLOITDB text WORKING POC
PHP Project Management < 0.8.10 - Path Traversal via Multiple Module Parameters
Multiple directory traversal vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the def_lang parameter to modules/files/list.php; the m_path parameter to (2) modules/projects/summary.inc.php or (3) modules/tasks/summary.inc.php; (4) the module parameter to modules/projects/list.php; or the module parameter to index.php in the (5) certinfo, (6) emails, (7) events, (8) fax, (9) files, (10) groupadm, (11) history, (12) info, (13) log, (14) mail, (15) messages, (16) organizations, (17) phones, (18) presence, (19) projects, (20) reports, (21) search, (22) snf, (23) syslog, (24) tasks, or (25) useradm subdirectory of modules/.
CVE-2007-1104 EXPLOITDB text WORKING POC
PHP-MIP 0.1 - Remote File Inclusion via laypath Parameter
PHP remote file inclusion vulnerability in top.php in PHP Module Implementation (PHP-MIP) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the laypath parameter.
CVE-2008-6651 EXPLOITDB text WORKING POC
OxYProject OxYBox 0.85 - Remote Code Injection via edithistory.php oxymsg Parameter
Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter.
CVE-2007-2620 EXPLOITDB text WRITEUP
Jakub Steiner's Original 0.11 - RCE
PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub Steiner (aka jimmac) original 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the x[1] parameter.
CVE-2007-2069 EXPLOITDB text WRITEUP
openmairie < 1.11 - Directory Traversal via dsn[phptype] Parameter
Directory traversal vulnerability in scr/soustab.php in openMairie 1.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dsn[phptype] parameter.
CVE-2007-2676 EXPLOITDB text WORKING POC
Open Translation Engine 0.7.8 - RCE
PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter.
CVE-2008-6409 EXPLOITDB text WORKING POC
ol'bookmarks manager 0.7.5 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a brain action.
CVE-2007-5841 EXPLOITDB text WORKING POC
nuBoard 0.5 - Remote Code Execution
PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
CVE-2007-5056 EXPLOITDB text WORKING POC
ADOdb Lite < 1.42 - Remote Code Execution via last_module Parameter
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.