GregStar

10 exploits Active since Oct 2006
CVE-2007-0846 EXPLOITDB text WORKING POC
Open Tibia Server CMS <= 2.1.5 - Cross-Site Scripting via Forum Name Parameter
Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter.
CVE-2006-5547 EXPLOITDB text WORKING POC
Open Tibia Server Content Management System <1.0.4 - RCE
PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 1.0.0 through 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][otscms][directories][includes] parameter.
CVE-2006-5546 EXPLOITDB text WORKING POC
Open Tibia Server Content Management System <1.4.1 - RCE
PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 1.3.0 through 1.4.1 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][otscms][directories][classes] parameter.
CVE-2006-6214 EXPLOITDB text WORKING POC
Wallpaper Complete Website 1.0.09 - SQL Injection via wallpaperid Parameter
SQL injection vulnerability in wallpaper.php in Wallpaper Website (Wallpaper Complete Website) 1.0.09 allows remote attackers to execute arbitrary SQL commands via the wallpaperid parameter.
CVE-2006-6220 EXPLOITDB text WORKING POC
Recipes Complete Website 1.1.14 - SQL Injection via recipeid or categoryid Parameter
Multiple SQL injection vulnerabilities in Recipes Website (Recipes Complete Website) 1.1.14 allow remote attackers to execute arbitrary SQL commands via the (1) recipeid parameter to recipe.php or the (2) categoryid parameter to list.php.
CVE-2006-6360 EXPLOITDB text WRITEUP
PHP Upload Center 2.0 - Remote File Inclusion via activate.php footerpage Parameter
PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the footerpage parameter.
CVE-2007-0847 EXPLOITDB text WORKING POC
Open Tibia Server CMS <2.1.5 - SQL Injection
SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php.
CVE-2006-5548 EXPLOITDB text WORKING POC
Open Tibia Server Content Management System <2.1.3 - RCE
PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 2.0.0 through 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][directories][classes] parameter.
CVE-2006-5767 EXPLOITDB text WORKING POC
Drake CMS < 0.2.2_alpha_r846 - Remote Code Execution via d_root Parameter
PHP remote file inclusion vulnerability in includes/xhtml.php in Drake CMS 0.2.2 alpha rev.846 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the d_root parameter.
CVE-2006-5766 EXPLOITDB text WORKING POC
Article System 0.6 - Remote File Inclusion via config[public_dir] Parameter
PHP remote file inclusion vulnerability in volume.php in Article System 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config[public_dir] parameter.