H-T TeaM {HouSSaMix _ ToXiC350}

5 exploits Active since Jan 2008
CVE-2008-0259 EXPLOITDB text WORKING POC
minimal_gallery 0.8 - Path Traversal via thumbcat or thumb Parameter
Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters.
CVE-2008-0148 EXPLOITDB text WORKING POC
TUTOS 1.3 - Remote Code Execution via cmd.php cmd Parameter
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.
CVE-2008-0222 EXPLOITDB text WRITEUP
Wp-FileManager 1.2 - Unauthenticated Arbitrary File Upload and Remote Code Execution via ajaxfilemanager.php
Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors.
CVE-2008-0149 EXPLOITDB text WORKING POC
TUTOS 1.3 - Information Exposure via phpinfo.php
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function.
CVE-2008-0260 EXPLOITDB text WORKING POC
minimal Gallery 0.8 - Information Exposure via php_info.php
minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function.