GoLd_M

171 exploits Active since Jul 2005
CVE-2007-1613 EXPLOITDB text WORKING POC
MPM Chat 2.5 - Directory Traversal via Logi Parameter
Directory traversal vulnerability in view.php in MPM Chat 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the logi parameter.
CVE-2007-5812 EXPLOITDB text WORKING POC
ModuleBuilder 1.0 - Path Traversal via File Parameter
Directory traversal vulnerability in modules/Builder/DownloadModule.php in ModuleBuilder 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2008-1857 EXPLOITDB text WORKING POC
Make our Life Easy Mole <2.1.0 - Path Traversal
Multiple directory traversal vulnerabilities in viewsource.php in Make our Life Easy (Mole) 2.1.0 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) dirn and (2) fname parameters.
CVE-2007-6187 EXPLOITDB text WORKING POC
PHP Content Architect <1.2 - Path Traversal
Multiple directory traversal vulnerabilities in PHP Content Architect (aka NoAh) 0.9 pre 1.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filepath parameter to (1) css_file.php, (2) js_file.php, or (3) xml_file.php in noah/modules/nosystem/templates/.
CVE-2007-3136 EXPLOITDB html WORKING POC
newsSync 1.5.0rc6 - Remote File Inclusion via newsSync_NUKE_PATH Parameter
PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter.
CVE-2008-2343 EXPLOITDB text WORKING POC
News Manager 2.0 - Information Disclosure via Direct Request
News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php.
CVE-2007-1392 EXPLOITDB text WORKING POC
netForo! 0.1g - Directory Traversal via File Download Parameter
Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a .. (dot dot) in the file_to_download parameter.
CVE-2007-0633 EXPLOITDB text WORKING POC
MyNews < 4.2.2 - Remote File Inclusion via myNewsConf[path][sys][index] Parameter
PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter.
CVE-2007-3297 EXPLOITDB text WORKING POC
Musoo 0.21 - Remote File Inclusion via GLOBALS[ini_array][EXTLIB_PATH] Parameter
Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[ini_array][EXTLIB_PATH] parameter to (1) msDb.php, (2) modules/MusooTemplateLite.php, or (3) modules/SoundImporter.php.
CVE-2009-3426 EXPLOITDB text WORKING POC
MaxCMS 3.11.20b - Remote Code Execution via File Manager Special Parameter
PHP remote file inclusion vulnerability in includes/file_manager/special.php in MaxCMS 3.11.20b allows remote attackers to execute arbitrary PHP code via a URL in the fm_includes_special parameter.
EIP-2026-109529 EXPLOITDB text WORKING POC
MobileCartly 1.0 - Arbitrary File Deletion
CVE-2009-4627 EXPLOITDB text WORKING POC
Moa Gallery <1.2.0 - Path Traversal
Directory traversal vulnerability in sources/_template_parser.php in Moa Gallery 1.2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the p_filename parameter, a different issue than CVE-2009-4614.
CVE-2007-6323 EXPLOITDB text WORKING POC
MMS Gallery PHP 1.0 - Path Traversal
Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) get_image.php or (2) get_file.php in mms_template/.
CVE-2008-5936 EXPLOITDB text WORKING POC
mini-pub <= 0.3 - Unauthenticated Arbitrary File Read via sFileName Parameter
front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter.
CVE-2007-6653 EXPLOITDB text WORKING POC
Mihalism Multi Host <2.0.7 - Path Traversal
Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2007-6657 EXPLOITDB text WORKING POC
Mihalism Multi Forum Host <3.0.x - RCE
PHP remote file inclusion vulnerability in source/includes/load_forum.php in Mihalism Multi Forum Host 3.0.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mfh_root_path parameter.
CVE-2007-5138 EXPLOITDB text WORKING POC
lustig.cms BETA 2.5 - Remote Code Execution via Forum View Parameter
PHP remote file inclusion vulnerability in forum/forum.php in lustig.cms BETA 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the view parameter.
CVE-2007-2043 EXPLOITDB text WORKING POC
Mambo/Joomla! com_mosmedia <1.08 - RCE
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or (2) media.divs.php.
CVE-2007-6214 EXPLOITDB text WORKING POC
LearnLoop <2.0 beta7 - Path Traversal
Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. (dot dot) in the sFilePath parameter. NOTE: exploitation requires that the product is configured, but has zero files in the database.
EIP-2026-109082 EXPLOITDB text WORKING POC
Lc Flickr Carousel 1.0 - Local File Disclosure
CVE-2007-6212 EXPLOITDB text WORKING POC
KML share 1.1 - Path Traversal via Layer Parameter
Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter.
CVE-2007-2324 EXPLOITDB text WORKING POC
JulmaCMS 1.4 - Directory Traversal via File Parameter
Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2007-1842 EXPLOITDB python WORKING POC
jsboard < 2.0.11 - Directory Traversal via Table Parameter
Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
CVE-2008-0690 EXPLOITDB text WORKING POC
Joomla com_directory 2.3.2 - SQL Injection via catid Parameter
SQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action.
CVE-2005-2246 EXPLOITDB text WORKING POC
iPhotoAlbum 1.1 - Remote File Inclusion via doc_path or set_menu Parameter
Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 allow remote attackers to execute arbitrary code via the (1) doc_path parameter to getpage.php or (2) set_menu parameter to lib/static/header.php.