H-T TeaM {HouSSaMix _ ToXiC350}

5 exploits Active since Jan 2008
CVE-2008-0259 EXPLOITDB text WORKING POC
Minimal Design Minimal Gallery - Path Traversal
Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters.
CVE-2008-0148 EXPLOITDB text WORKING POC
Tutos - Access Control
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.
CVE-2008-0222 EXPLOITDB text WRITEUP
Wordpress Filemanager - Code Injection
Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors.
CVE-2008-0149 EXPLOITDB text WORKING POC
TUTOS 1.3 - Info Disclosure
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function.
CVE-2008-0260 EXPLOITDB text WORKING POC
Minimal Design Minimal Gallery - Improper Input Validation
minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function.