GoLd_M

171 exploits Active since Jul 2005
CVE-2007-5813 EXPLOITDB text WORKING POC
ISPworker 1.21 - Path Traversal via TicketID or Filename Parameter
Multiple directory traversal vulnerabilities in download.php in ISPworker 1.21 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ticketid and (2) filename parameters.
EIP-2026-107659 EXPLOITDB text WORKING POC
House Style 0.1.2 - 'readfile()' Local File Disclosure
CVE-2007-0810 EXPLOITDB text WORKING POC
GeekLog - Remote File Inclusion via glConf[path_libraries] Parameter
PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog.
CVE-2007-5099 EXPLOITDB text WORKING POC
David Watters Helplink 0.1.0 - Remote Code Execution via show.php file Parameter
PHP remote file inclusion vulnerability in show.php in David Watters Helplink 0.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
CVE-2007-5786 EXPLOITDB text WORKING POC
GoSamba 1.0.1 - Remote Code Execution via PHP File Inclusion in include_path Parameter
Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigabe1.php, or (4) inc_freigabe3.php in include/; (5) inc_group.php; (6) inc_manager.php; (7) inc_newgroup.php; (8) inc_smb_conf.php; (9) inc_user.php; or (10) main.php.
CVE-2007-2609 EXPLOITDB text WRITEUP
gnu_edu 1.3b2 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php.
CVE-2008-0905 EXPLOITDB text WORKING POC
Globsy 1.0 - Path Traversal via File Parameter
Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2007-1577 EXPLOITDB perl WORKING POC
GeBlog 0.1 - Directory Traversal and Remote Code Execution via GLOBALS[tplname] Parameter
Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
CVE-2007-2298 EXPLOITDB text WRITEUP
Garennes < 0.6.1 - Remote File Inclusion via repertoire_config Parameter
Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/.
EIP-2026-107339 EXPLOITDB text WRITEUP
Galmeta Post CMS 0.2 - Remote Code Execution / Arbitrary File Upload
EIP-2026-107332 EXPLOITDB text WRITEUP
Gallery 1.2.5 - 'GALLERY_BASEDIR' Multiple Remote File Inclusions
CVE-2007-2569 EXPLOITDB text WORKING POC
Friendly < 1.0d1 - Remote File Inclusion via friendly_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/.
CVE-2008-6934 EXPLOITDB text WORKING POC
Sanusart Free Simple Guestbook PHP Script - Remote Code Execution via Message Parameter
Static code injection vulnerability in Sanus|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is accessed. NOTE: some of these details are obtained from third party information.
EIP-2026-106748 EXPLOITDB text WRITEUP
eCan 0.1 - Local File Disclosure
CVE-2007-0785 EXPLOITDB text WORKING POC
Flipsource Flip <2.01-final 1.0 - RCE
PHP remote file inclusion vulnerability in previewtheme.php in Flipsource Flip 2.01-final 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.
CVE-2007-5782 EXPLOITDB text WORKING POC
FireConfig 0.5 - Unauthenticated Path Traversal via dl.php file Parameter
Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2008-1409 EXPLOITDB text WORKING POC
Exero CMS 1.0.1 - Path Traversal via Theme Parameter
Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, and (3) avatar.php in usercp/; (4) custompage.php; (5) errors/404.php; (6) memberslist.php and (7) profile.php in members/; (8) index.php and (9) fullview.php in news/; and (10) nopermission.php.
CVE-2007-0701 EXPLOITDB text WORKING POC
Epistemon 1.0 - Remote File Inclusion via inc_path Parameter
PHP remote file inclusion vulnerability in inc/common.inc.php in Epistemon 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.
CVE-2008-5819 EXPLOITDB text WORKING POC
eDreamers eDNews <2 - Path Traversal
Directory traversal vulnerability in eDNews_archive.php in eDreamers eDNews 2, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-5818 EXPLOITDB text WORKING POC
eDreamers eDContainer <2.22 - Path Traversal
Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-106434 EXPLOITDB text WRITEUP
DFFFrameworkAPI - 'DFF_config[dir_include]' Multiple Remote File Inclusions
EIP-2026-106674 EXPLOITDB text WRITEUP
e107 plugin fm pro 1 - File Disclosure / Arbitrary File Upload / Directory Traversal
CVE-2007-5821 EXPLOITDB text WORKING POC
DM Guestbook <0.4.1 - Path Traversal
Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lng parameter to (a) guestbook.php, (b) admin/admin.guestbook.php, or (c) auto/glob_new.php; or (2) the lngdefault parameter to auto/ch_lng.php.
CVE-2008-4502 EXPLOITDB text WRITEUP
DataFeedFile PHP Framework API - Remote Code Execution via DFF_config[dir_include] Parameter
Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/.
CVE-2007-0395 EXPLOITDB text WRITEUP
ComVironment 4.0 - Remote File Inclusion via inc_dir Parameter
PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.