GoLd_M

171 exploits Active since Jul 2005
CVE-2007-1809 EXPLOITDB text WRITEUP
GraFX Company WebSite Builder PRO 1.5 - RCE
Multiple PHP remote file inclusion vulnerabilities in GraFX Company WebSite Builder (CWB) PRO 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter to (1) cls_headline_prod.php, (2) cls_listorders.php, or (3) cls_viewpastorders.php in include/, different vectors than CVE-2007-1513.
CVE-2007-1640 EXPLOITDB text WRITEUP
ClassWeb < 2.03 - Remote File Inclusion via BASE Parameter
Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php.
CVE-2007-0500 EXPLOITDB text WORKING POC
Bradabra < 2.0.5 - Remote File Inclusion via include_path Parameter
PHP remote file inclusion vulnerability in include/includes.php in Bradabra 2.0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
CVE-2007-4957 EXPLOITDB text WORKING POC
Chupix CMS 0.2.3 - Path Traversal and Arbitrary File Write via Download.php Parameters
Multiple directory traversal vulnerabilities in download.php in Chupix CMS 0.2.3 allow remote attackers to read or overwrite arbitrary files via a .. (dot dot) in the (1) fichier or (2) repertoire parameter, or create arbitrary directories via a .. (dot dot) in the (3) repertoire parameter.
CVE-2007-2611 EXPLOITDB text WRITEUP
CGX 20050314 - Remote File Inclusion via pathCGX Parameter
Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3) login.php, and (4) logingecon.php in inc/; and multiple unspecified files in frm/, sql/, and cns/.
CVE-2007-1930 EXPLOITDB text WORKING POC
cattadoc - Directory Traversal via download2.php fn1 Parameter
Directory traversal vulnerability in download2.php in cattaDoc 2.21, and possibly other versions including 3.0, allows remote attackers to read arbitrary files via a .. (dot dot) in the fn1 parameter.
CVE-2007-2364 EXPLOITDB text WRITEUP
burnCMS 0.2 - Remote Code Execution
Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) mysql.class.php or (2) postgres.class.php in lib/db/; or (3) authuser.php, (4) misc.php, or (5) connect.php in lib/.
CVE-2007-1929 EXPLOITDB text WORKING POC
Beryo - Directory Traversal via Downloadpic.php Chemin Parameter
Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and possibly other versions including 2.4, allows remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter.
CVE-2008-0091 EXPLOITDB text WORKING POC
agency4net WEBFTP 1 - Path Traversal and Arbitrary File Read/Delete via download2.php file Parameter
Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter.
CVE-2007-3590 EXPLOITDB text WORKING POC
b1gBB 2.24.0 - Cross-Site Scripting via User Parameter
Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB 2.24.0 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2007-5820 EXPLOITDB text WORKING POC
Ax Developer CMS 0.1.1 - Remote File Inclusion via Module Parameter Path Traversal
Directory traversal vulnerability in index.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
CVE-2007-2301 EXPLOITDB text WRITEUP
arash audiocms 0.1.4 - Remote File Inclusion via arashlib_dir Parameter
Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the arashlib_dir parameter to (1) edit.inc.php and (2) list_features.inc.php in arash_lib/include, and (3) arash_gadmin.class.php and (4) arash_sadmin.class.php in arash_lib/class/.
EIP-2026-105127 EXPLOITDB perl WORKING POC
Alstrasoft Article Manager Pro 1.6 - Blind SQL Injection
CVE-2007-0171 EXPLOITDB text WRITEUP
AllMyLinks < 0.5 - Remote File Inclusion via AML_opensite Parameter
PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter.
CVE-2008-6414 EXPLOITDB text WORKING POC
AJ Auction Pro Platinum Skin 2 - SQL Injection via detail.php item_id Parameter
SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
CVE-2007-0837 EXPLOITDB text WORKING POC
AgerMenu <= 0.03 - Remote File Inclusion via rootdir Parameter
PHP remote file inclusion vulnerability in examples/inc/top.inc.php in AgerMenu 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
CVE-2007-1621 EXPLOITDB perl WORKING POC
Active PHP Bookmark Notes <0.2.5 - RCE
PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. NOTE: this issue might be related to CVE-2003-1254.
CVE-2008-0794 EXPLOITDB text WORKING POC
Affiliate Market 0.1 BETA - Path Traversal via Language Parameter
Directory traversal vulnerability in user/header.php in Affiliate Market 0.1 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
CVE-2007-1219 EXPLOITDB text WRITEUP
Admin Phorum 3.3.1a - Code Injection
PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
CVE-2008-4873 EXPLOITDB text WORKING POC
Sepal SPBOARD 4.5 - Remote Command Execution via board.cgi file Parameter
board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action.
CVE-2007-4256 EXPLOITDB text WORKING POC
YNP Portal System 2.2.0 - Path Traversal
Directory traversal vulnerability in showpage.cgi in YNP Portal System 2.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter.