Kacper (a.k.a Rahim)

112 exploits Active since Mar 2006
CVE-2006-5554 EXPLOITDB php WORKING POC
Imageview < 5 - Directory Traversal via User Settings Cookie
Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. (dot dot) in the user_settings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is executed by index.php.
CVE-2006-5511 EXPLOITDB php WORKING POC
JaxUltraBB 2.0 - Remote Code Execution via delete.php contents parameter
Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter.
CVE-2008-1609 EXPLOITDB perl WORKING POC
jaf_cms 4.0 RC2 - Remote Code Execution via URL Parameter Injection
Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter to forum/forum.php. NOTE: other main_dir vectors are already covered by CVE-2006-7127.
EIP-2026-108027 EXPLOITDB php WORKING POC
iziContents RC6 - Remote Code Execution
CVE-2006-4237 EXPLOITDB text WORKING POC
Invisionix Roaming System <0.2 - RCE
PHP remote file inclusion vulnerability in pageheaderdefault.inc.php in Invisionix Roaming System Remote (IRSR) 0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _sysSessionPath parameter.
CVE-2006-4448 EXPLOITDB text WORKING POC
interact 2.2 - Remote File Inclusion via CONFIG[BASE_PATH] or CONFIG[LANGUAGE_CPATH] Parameter
Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] parameter in (a) admin/autoprompter.php and (b) includes/common.inc.php, and the (2) CONFIG[LANGUAGE_CPATH] parameter in (c) admin/autoprompter.php.
EIP-2026-107846 EXPLOITDB php WORKING POC
Innovate Portal 2.0 - 'acp.php' Remote Code Execution
CVE-2006-5304 EXPLOITDB text WORKING POC
inccms_core < 1.0.0 - Remote File Inclusion via inc_dir Parameter
PHP remote file inclusion vulnerability in inc/settings.php in IncCMS Core 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.
CVE-2007-0082 EXPLOITDB php WORKING POC
IMGallery <= 2.5 - Authenticated Arbitrary PHP File Upload via Multiple Extensions
users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.
CVE-2008-5199 EXPLOITDB text WORKING POC
PHPOutsourcing IdeaBox 1.1 - Remote Code Execution via gorumDir Parameter
PHP remote file inclusion vulnerability in include.php in PHPOutsourcing IdeaBox (aka IdeBox) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the gorumDir parameter.
CVE-2006-5670 EXPLOITDB php WORKING POC
Free Image Hosting < 1.0 - Remote File Inclusion via AD_BODY_TEMP Parameter
PHP remote file inclusion vulnerability in forgot_pass.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.
CVE-2007-0804 EXPLOITDB php WORKING POC
GGCMS 1.1.0 RC1 and earlier - Directory Traversal and Arbitrary PHP Code Injection via subpageName Parameter
Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.
CVE-2006-2998 EXPLOITDB text WORKING POC
QBoard <1.1 - Remote Code Execution
PHP remote file inclusion vulnerability in board/post.php in free QBoard 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter.
CVE-2006-5762 EXPLOITDB php WORKING POC
Free File Hosting < 1.1 - Remote Code Execution via AD_BODY_TEMP Parameter
PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. This also affects Free Image Hosting 2.0, which contains the same code.
CVE-2006-2982 EXPLOITDB text WORKING POC
Enterprise Timesheet and Payroll Systems <1.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in (1) footer.php and (2) admin/footer.php.
CVE-2007-0764 EXPLOITDB php WORKING POC
F3Site <= 2.1 - Authenticated Arbitrary PHP File Upload via uplf Parameter
Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php.
EIP-2026-106981 EXPLOITDB php WORKING POC
extreme-fusion 4.02 - Remote Code Execution
EIP-2026-106980 EXPLOITDB php WORKING POC
eXtreme-fusion 4.02 - 'Fusion_Forum_View.php' Local File Inclusion
CVE-2006-5292 EXPLOITDB text WORKING POC
Exhibit Engine 1.5 RC 4 - Remote File Inclusion via toroot Parameter
PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
CVE-2006-7183 EXPLOITDB text WRITEUP
Exhibit Engine 2 < 1.22 - Remote File Inclusion via toroot Parameter
PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
CVE-2006-6445 EXPLOITDB php WORKING POC
Envolution 1.1.0 - Directory Traversal via PNSVlang Parameter
Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
CVE-2006-2962 EXPLOITDB text WORKING POC
Emergenices Personnel Information System < 2002-09-23 - Remote File Inclusion via phormationdir Parameter
PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergenices Personnel Information System (Empris) 20020923 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phormationdir parameter.
CVE-2006-6694 EXPLOITDB text WORKING POC
E-Uploader Pro 1.0 - Directory Traversal and Arbitrary PHP Code Execution via Language Parameter
Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. (dot dot) in the language parameter, as demonstrated by uploading a .JPG file containing PHP code, then accessing the file via config.php.
CVE-2006-5786 EXPLOITDB php WORKING POC
e107 0.7.5 - Directory Traversal via e107language_e107cookie Cookie
Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.
CVE-2006-4234 EXPLOITDB text WRITEUP
dotProject 2.0.4 - Remote File Inclusion via baseDir Parameter
PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.