Kacper (a.k.a Rahim)

112 exploits Active since Mar 2006
CVE-2006-5554 EXPLOITDB php WORKING POC
Blackdot Imageview < 5 - Path Traversal
Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. (dot dot) in the user_settings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is executed by index.php.
CVE-2006-5511 EXPLOITDB php WORKING POC
JaxUltraBB 2.0 - Code Injection
Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter.
CVE-2008-1609 EXPLOITDB perl WORKING POC
JAF CMS 4.0 RC2 - RCE
Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter to forum/forum.php. NOTE: other main_dir vectors are already covered by CVE-2006-7127.
EIP-2026-108027 EXPLOITDB php WORKING POC
iziContents RC6 - Remote Code Execution
CVE-2006-4237 EXPLOITDB text WORKING POC
Invisionix Roaming System <0.2 - RCE
PHP remote file inclusion vulnerability in pageheaderdefault.inc.php in Invisionix Roaming System Remote (IRSR) 0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _sysSessionPath parameter.
CVE-2006-4448 EXPLOITDB text WORKING POC
interact 2.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] parameter in (a) admin/autoprompter.php and (b) includes/common.inc.php, and the (2) CONFIG[LANGUAGE_CPATH] parameter in (c) admin/autoprompter.php.
EIP-2026-107846 EXPLOITDB php WORKING POC
Innovate Portal 2.0 - 'acp.php' Remote Code Execution
CVE-2006-5304 EXPLOITDB text WORKING POC
InccMS Core <1.0.0 - RCE
PHP remote file inclusion vulnerability in inc/settings.php in IncCMS Core 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.
CVE-2007-0082 EXPLOITDB php WORKING POC
IMGallery <2.5 - RCE
users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.
CVE-2008-5199 EXPLOITDB text WORKING POC
PHPOutsourcing IdeaBox <1.1 - RCE
PHP remote file inclusion vulnerability in include.php in PHPOutsourcing IdeaBox (aka IdeBox) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the gorumDir parameter.
CVE-2006-5670 EXPLOITDB php WORKING POC
Free Image Hosting <1.0 - RCE
PHP remote file inclusion vulnerability in forgot_pass.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.
CVE-2007-0804 EXPLOITDB php WORKING POC
GGCMS <1.1.0 RC1 - Path Traversal
Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.
CVE-2006-2998 EXPLOITDB text WORKING POC
QBoard <1.1 - RCE
PHP remote file inclusion vulnerability in board/post.php in free QBoard 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter.
CVE-2006-5762 EXPLOITDB php WORKING POC
Free PHP Scripts Free File Hosting < 1.1 - Code Injection
PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. This also affects Free Image Hosting 2.0, which contains the same code.
CVE-2006-2982 EXPLOITDB text WORKING POC
Enterprise Timesheet and Payroll Systems <1.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in (1) footer.php and (2) admin/footer.php.
CVE-2007-0764 EXPLOITDB php WORKING POC
F3Site <2.1 - RCE
Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php.
EIP-2026-106981 EXPLOITDB php WORKING POC
extreme-fusion 4.02 - Remote Code Execution
EIP-2026-106980 EXPLOITDB php WORKING POC
eXtreme-fusion 4.02 - 'Fusion_Forum_View.php' Local File Inclusion
CVE-2006-5292 EXPLOITDB text WORKING POC
Exhibit Engine <1.5 RC 4 - RCE
PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
CVE-2006-7183 EXPLOITDB text WRITEUP
Exhibit Engine <1.22 - RCE
PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
CVE-2006-6445 EXPLOITDB php WORKING POC
Envolution 1.1.0 - Path Traversal
Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
CVE-2006-2962 EXPLOITDB text WORKING POC
Empris <20020923 - RCE
PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergenices Personnel Information System (Empris) 20020923 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phormationdir parameter.
CVE-2006-6694 EXPLOITDB text WORKING POC
E-Uploader Pro <1.0 - RCE
Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. (dot dot) in the language parameter, as demonstrated by uploading a .JPG file containing PHP code, then accessing the file via config.php.
CVE-2006-5786 EXPLOITDB php WORKING POC
E107 - Path Traversal
Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.
CVE-2006-4234 EXPLOITDB text WRITEUP
dotProject <2.0.4 - RCE
PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.